CVE-2020-21387

magicblack/maccms10

on github

Published

October 4, 2021

Severity

CVSS v3:

6.1 MEDIUM

CVSS v2:

4.3 MEDIUM

Description

A cross-site scripting (XSS) vulnerability in the parameter type_en of Maccms 10 allows attackers to obtain the administrator cookie and escalate privileges via a crafted payload.

References

https://github.com/magicblack/maccms10/issues/126

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:maccms:maccms:10.0:::::::*	n/a	n/a	10.0

External Links

NVD - CVE-2020-21387