Known Vulnerabilities for products from Maccms
Listed below are 15 of the newest known vulnerabilities associated with the vendor "Maccms".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-43707 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.1 - MEDIUM | 2022-03-31 | 2022-04-06 |
| CVE-2020-21434 | Maccms 10 contains a cross-site scripting (XSS) vulnerability in the Editing function under the Member module. This vulnerabi... | 5.4 - MEDIUM | 2021-10-04 | 2021-10-07 |
| CVE-2020-21387 | A cross-site scripting (XSS) vulnerability in the parameter type_en of Maccms 10 allows attackers to obtain the administrator... | 6.1 - MEDIUM | 2021-10-04 | 2021-10-07 |
| CVE-2020-21386 | A Cross-Site Request Forgery (CSRF) in the component admin.php/admin/type/info.html of Maccms 10 allows attackers to gain adm... | 8.8 - HIGH | 2021-10-04 | 2021-10-07 |
| CVE-2020-21363 | An arbitrary file deletion vulnerability exists within Maccms10. | 6.5 - MEDIUM | 2021-08-11 | 2021-08-16 |
| CVE-2020-21362 | A cross site scripting (XSS) vulnerability in the background search function of Maccms10 allows attackers to execute arbitrar... | 5.4 - MEDIUM | 2021-08-11 | 2021-08-13 |
| CVE-2020-21359 | An arbitrary file upload vulnerability in the Template Upload function of Maccms10 allows attackers bypass the suffix whiteli... | 9.8 - CRITICAL | 2021-08-11 | 2021-08-16 |
| CVE-2020-21082 | A cross-site scripting (XSS) vulnerability in the background administrator article management module of Maccms 8.0 allows att... | 6.1 - MEDIUM | 2021-09-14 | 2021-09-24 |
| CVE-2020-21081 | A cross-site request forgery (CSRF) in Maccms 8.0 causes administrators to add and modify articles without their knowledge vi... | 6.5 - MEDIUM | 2021-09-14 | 2021-09-24 |
| CVE-2020-20514 | A Cross-Site Request Forgery (CSRF) in Maccms v10 via admin.php/admin/admin/del/ids/ |
8.1 - HIGH | 2021-09-24 | 2021-10-01 |
| CVE-2019-9829 | Maccms 10 allows remote attackers to execute arbitrary PHP code by entering this code in a template/default_pc/html/art Edit ... | 8.8 - HIGH | 2019-03-15 | 2021-07-21 |
| CVE-2019-8410 | Maccms 8.0 allows XSS via the inc/config/cache.php t_key parameter because template/paody/html/vod_type.html mishandles the k... | 6.1 - MEDIUM | 2019-02-27 | 2019-02-27 |
| CVE-2018-19465 | Maccms through 8.0 allows XSS via the site_keywords field to index.php?m=system-config because of tpl/module/system.php and t... | 6.1 - MEDIUM | 2019-06-07 | 2019-06-10 |
| CVE-2018-12114 | Maccms 10 allows CSRF via admin.php/admin/admin/info.html to add user accounts. | 8.8 - HIGH | 2018-06-14 | 2018-08-03 |
| CVE-2017-17733 | Maccms 8.x allows remote command execution via the wd parameter in an index.php?m=vod-search request. | 9.8 - CRITICAL | 2017-12-18 | 2019-10-03 |