
magicblack/maccms10
CVE History
| CVE | Published | CVSS v3 | CVSS v2 | Description |
|---|---|---|---|---|
| | | 9.1 CRITICAL | — | maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) via the Scheduled Task function. |
| | | 4.8 MEDIUM | — | A stored cross-site scripting (XSS) vulnerability in the Add Scheduled Task module of Maccms10 v2024.1000.4040 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. |
| | | 7.3 HIGH | — | Cross Site Scripting vulnerability in MacCMS v.10 v.2024.1000.3000 allows a remote attacker to execute arbitrary code via a crafted payload. |
| | | 6.1 MEDIUM | — | A reflected cross-site scripting (XSS) vulnerability in maccms10 v2022.1000.3032 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the AD Management module. |
| | | 6.5 MEDIUM | — | maccms10 v2021.1000.1081 to v2022.1000.3031 was discovered to contain a SQL injection vulnerability via the table parameter at database/columns.html. |
| | | 6.1 MEDIUM | 4.3 MEDIUM | Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/plog/index.html via the wd parameter. |
| | | 6.1 MEDIUM | 4.3 MEDIUM | Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/vod/data.html via the repeat parameter. |
| | | 6.1 MEDIUM | 4.3 MEDIUM | Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/ulog/index.html via the wd parameter. |
| | | 6.1 MEDIUM | 4.3 MEDIUM | Maccms v10 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities in /admin.php/admin/website/data.html via the select and input parameters. |
| | | 6.1 MEDIUM | 4.3 MEDIUM | Maccms v10 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities in /admin.php/admin/art/data.html via the select and input parameters. |
| | | 5.4 MEDIUM | 3.5 LOW | There is a stored Cross Site Scripting (XSS) vulnerability in maccms v10 through adding videos. XSS code can be inserted at parameter positions including name and remarks. |
| | | 9.8 CRITICAL | 7.5 HIGH | In maccms v10, an attacker can log in through /index.php/user/login in the "col" and "openid" parameters to gain privileges. |
| | | 6.1 MEDIUM | 4.3 MEDIUM | A cross-site scripting (XSS) vulnerability in the parameter type_en of Maccms 10 allows attackers to obtain the administrator cookie and escalate privileges via a crafted payload. |
| | | 8.8 HIGH | 6.8 MEDIUM | A Cross-Site Request Forgery (CSRF) in the component admin.php/admin/type/info.html of Maccms 10 allows attackers to gain administrator privileges. |
| | | 8.1 HIGH | 4.9 MEDIUM | A Cross-Site Request Forgery (CSRF) in Maccms v10 via admin.php/admin/admin/del/ids/<id>.html allows authenticated attackers to delete all users. |
| | | 6.5 MEDIUM | 5.5 MEDIUM | An arbitrary file deletion vulnerability exists within Maccms10. |
| | | 5.4 MEDIUM | 3.5 LOW | A cross site scripting (XSS) vulnerability in the background search function of Maccms10 allows attackers to execute arbitrary web scripts or HTML via the 'wd' parameter. |
| | | 9.8 CRITICAL | 7.5 HIGH | An arbitrary file upload vulnerability in the Template Upload function of Maccms10 allows attackers to bypass the suffix whitelist verification to execute arbitrary code via adding a character to the end of the uploaded file's name. |