Vulnerabilities (CVE)

Filtered by vendor Maccms Subscribe
Total 27 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-21363 1 Maccms 1 Maccms 2024-02-28 5.5 MEDIUM 6.5 MEDIUM
An arbitrary file deletion vulnerability exists within Maccms10.
CVE-2020-21362 1 Maccms 1 Maccms 2024-02-28 3.5 LOW 5.4 MEDIUM
A cross site scripting (XSS) vulnerability in the background search function of Maccms10 allows attackers to execute arbitrary web scripts or HTML via the 'wd' parameter.
CVE-2018-19465 1 Maccms 1 Maccms 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
Maccms through 8.0 allows XSS via the site_keywords field to index.php?m=system-config because of tpl/module/system.php and tpl/html/system_config.html, related to template/paody/html/vod_index.html.
CVE-2019-9829 1 Maccms 1 Maccms 2024-02-28 6.5 MEDIUM 8.8 HIGH
Maccms 10 allows remote attackers to execute arbitrary PHP code by entering this code in a template/default_pc/html/art Edit action. This occurs because template rendering uses an include operation on a cache file, which bypasses the prohibition of .php files as templates.
CVE-2019-8410 1 Maccms 1 Maccms 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
Maccms 8.0 allows XSS via the inc/config/cache.php t_key parameter because template/paody/html/vod_type.html mishandles the keywords parameter, and a/tpl/module/db.php only filters the t_name parameter (not t_key).
CVE-2018-12114 1 Maccms 1 Maccms 2024-02-28 6.8 MEDIUM 8.8 HIGH
Maccms 10 allows CSRF via admin.php/admin/admin/info.html to add user accounts.
CVE-2017-17733 1 Maccms 1 Maccms 2024-02-28 7.5 HIGH 9.8 CRITICAL
Maccms 8.x allows remote command execution via the wd parameter in an index.php?m=vod-search request.