CVE-2018-19465

Maccms through 8.0 allows XSS via the site_keywords field to index.php?m=system-config because of tpl/module/system.php and tpl/html/system_config.html, related to template/paody/html/vod_index.html.
Configurations

Configuration 1 (hide)

cpe:2.3:a:maccms:maccms:*:*:*:*:*:*:*:*

History

21 Nov 2024, 03:57

Type Values Removed Values Added
References () https://github.com/holychang/maccms8/blob/master/README.md - Exploit, Third Party Advisory () https://github.com/holychang/maccms8/blob/master/README.md - Exploit, Third Party Advisory
References () https://www.maccms.com/down.html - Broken Link () https://www.maccms.com/down.html - Broken Link

Information

Published : 2019-06-07 17:29

Updated : 2024-11-21 03:57


NVD link : CVE-2018-19465

Mitre link : CVE-2018-19465

CVE.ORG link : CVE-2018-19465


JSON object : View

Products Affected

maccms

  • maccms
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')