magicblack/maccms10 on GitHub
苹果cms官网,苹果cmsv10,maccmsv10,麦克cms,开源cms,内容管理系统,视频分享程序,分集剧情程序,网址导航程序,文章程序,漫画程序,图片程序
CVE History
| CVE | Published | CVSS v2 | CVSS v3 |
|---|---|---|---|
| CVE-2024-32391 | N/A | N/A | |
| Cross Site Scripting vulnerability in MacCMS v.10 v.2024.1000.3000 allows a remote attacker to execute arbitrary code via a crafted payload. | |||
| CVE-2022-44870 | 6.1 MEDIUM | N/A | |
| A reflected cross-site scripting (XSS) vulnerability in maccms10 v2022.1000.3032 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the AD Management module. | |||
| CVE-2022-35148 | 6.5 MEDIUM | N/A | |
| maccms10 v2021.1000.1081 to v2022.1000.3031 was discovered to contain a SQL injection vulnerability via the table parameter at database/columns.html. | |||
| CVE-2022-27887 | 6.1 MEDIUM | 4.3 MEDIUM | |
| Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/vod/data.html via the repeat parameter. | |||
| CVE-2022-26573 | 6.1 MEDIUM | 4.3 MEDIUM | |
| Maccms v10 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities in /admin.php/admin/art/data.html via the select and input parameters. | |||
| CVE-2022-27884 | 6.1 MEDIUM | 4.3 MEDIUM | |
| Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/plog/index.html via the wd parameter. | |||
| CVE-2022-27885 | 6.1 MEDIUM | 4.3 MEDIUM | |
| Maccms v10 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities in /admin.php/admin/website/data.html via the select and input parameters. | |||
| CVE-2022-27886 | 6.1 MEDIUM | 4.3 MEDIUM | |
| Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/ulog/index.html via the wd parameter. | |||
| CVE-2021-45786 | 9.8 CRITICAL | 7.5 HIGH | |
| In maccms v10, an attacker can log in through /index.php/user/login in the "col" and "openid" parameters to gain privileges. | |||
| CVE-2021-45787 | 5.4 MEDIUM | 3.5 LOW | |
| There is a stored Cross Site Scripting (XSS) vulnerability in maccms v10 through adding videos. XSS code can be inserted at parameter positions including name and remarks. | |||
| CVE-2020-21386 | 8.8 HIGH | 6.8 MEDIUM | |
| A Cross-Site Request Forgery (CSRF) in the component admin.php/admin/type/info.html of Maccms 10 allows attackers to gain administrator privileges. | |||
| CVE-2020-21387 | 6.1 MEDIUM | 4.3 MEDIUM | |
| A cross-site scripting (XSS) vulnerability in the parameter type_en of Maccms 10 allows attackers to obtain the administrator cookie and escalate privileges via a crafted payload. | |||
| CVE-2020-20514 | 8.1 HIGH | 4.9 MEDIUM | |
| A Cross-Site Request Forgery (CSRF) in Maccms v10 via admin.php/admin/admin/del/ids/<id>.html allows authenticated attackers to delete all users. | |||
| CVE-2020-21363 | 6.5 MEDIUM | 5.5 MEDIUM | |
| An arbitrary file deletion vulnerability exists within Maccms10. | |||
| CVE-2020-21362 | 5.4 MEDIUM | 3.5 LOW | |
| A cross site scripting (XSS) vulnerability in the background search function of Maccms10 allows attackers to execute arbitrary web scripts or HTML via the 'wd' parameter. | |||
| CVE-2020-21359 | 9.8 CRITICAL | 7.5 HIGH | |
| An arbitrary file upload vulnerability in the Template Upload function of Maccms10 allows attackers bypass the suffix whitelist verification to execute arbitrary code via adding a character to the end of the uploaded file's name. | |||