CVE-2020-21362
- EPSS 0.24%
- Published 11.08.2021 21:15:07
- Last modified 21.11.2024 05:12:32
A cross-site scripting (XSS) vulnerability in the background search function of Maccms10 allows attackers to execute arbitrary web scripts or HTML via the 'wd' parameter.
CVE-2020-21359
- EPSS 1.11%
- Published 11.08.2021 21:15:07
- Last modified 21.11.2024 05:12:32
An arbitrary file upload vulnerability in the Template Upload function of Maccms10 allows attackers to bypass the suffix whitelist verification and execute arbitrary code by adding a character to the end of the uploaded file's name.
CVE-2018-19465
- EPSS 0.24%
- Published 07.06.2019 17:29:00
- Last modified 21.11.2024 03:57:58
Maccms through 8.0 allows XSS via the site_keywords field to index.php?m=system-config because of tpl/module/system.php and tpl/html/system_config.html, related to template/paody/html/vod_index.html.
CVE-2019-9829
- EPSS 0.72%
- Published 15.03.2019 03:29:00
- Last modified 21.11.2024 04:52:23
Maccms 10 allows remote attackers to execute arbitrary PHP code by entering this code in a template/default_pc/html/art Edit action. This occurs because template rendering uses an include operation on a cache file, which bypasses the prohibition of ....
CVE-2019-8410
- EPSS 0.33%
- Published 27.02.2019 17:29:00
- Last modified 21.11.2024 04:49:51
Maccms 8.0 allows XSS via the inc/config/cache.php t_key parameter because template/paody/html/vod_type.html mishandles the keywords parameter, and a/tpl/module/db.php only filters the t_name parameter (not t_key).
CVE-2018-12114
- EPSS 0.32%
- Published 14.06.2018 17:29:00
- Last modified 21.11.2024 03:44:37
Maccms 10 allows CSRF via admin.php/admin/admin/info.html to add user accounts.
CVE-2017-17733
- EPSS 31.78%
- Published 18.12.2017 05:29:00
- Last modified 20.04.2025 01:37:25
Maccms 8.x allows remote command execution via the wd parameter in an index.php?m=vod-search request.