Shodan
Vulnerabilities
Vulnerable Software
Maccms:  >> Maccms  >> 10.0  Security Vulnerabilities
CVE-2025-10397
A vulnerability was identified in Magicblack MacCMS 2025.1000.4050. This affects an unknown part of the component API Handler. The manipulation of the argument cjurl leads to server-side request forgery. The attack can be initiated remotely. The exploit is publicly available and might be used.
CVSS Score
4.7
EPSS Score
0.0
Published
2025-09-14
CVE-2025-10395
A vulnerability was found in Magicblack MacCMS 2025.1000.4050. Affected by this vulnerability is the function col_url of the component Scheduled Task Handler. Performing manipulation of the argument cjurl results in server-side request forgery. It is possible to initiate the attack remotely.
CVSS Score
4.7
EPSS Score
0.0
Published
2025-09-14
CVE-2025-10122
A vulnerability was found in Maccms10 2025.1000.4050. Affected is the function rep of the file application/admin/controller/Database.php. Performing manipulation of the argument where results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used.
CVSS Score
4.7
EPSS Score
0.0
Published
2025-09-09
CVE-2025-45474
maccms10 v2025.1000.4047 is vulnerable to Server-side request forgery (SSRF) in Email Settings.
CVSS Score
7.3
EPSS Score
0.001
Published
2025-05-29
CVE-2025-45475
maccms10 v2025.1000.4047 is vulnerable to Server-Side request forgery (SSRF) in Friend Link Management.
CVSS Score
5.4
EPSS Score
0.001
Published
2025-05-27
CVE-2025-28091
maccms10 v2025.1000.4047 has a Server-Side Request Forgery (SSRF) vulnerability via Add Article.
CVSS Score
9.1
EPSS Score
0.001
Published
2025-03-28
CVE-2025-28089
maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) via the Scheduled Task function.
CVSS Score
9.1
EPSS Score
0.001
Published
2025-03-28
CVE-2025-28090
maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) in the Collection Custom Interface feature.
CVSS Score
9.1
EPSS Score
0.001
Published
2025-03-28
CVE-2024-46654
A stored cross-site scripting (XSS) vulnerability in the Add Scheduled Task module of Maccms10 v2024.1000.4040 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVSS Score
4.8
EPSS Score
0.001
Published
2024-09-20
CVE-2024-32391
Cross Site Scripting vulnerability in MacCMS v.10 v.2024.1000.3000 allows a remote attacker to execute arbitrary code via a crafted payload.
CVSS Score
7.3
EPSS Score
0.003
Published
2024-04-19


Products
Pricing
Contact Us

Shodan ® - All rights reserved