Shodan
Vulnerabilities
Vulnerable Software
Maccms:  >> Maccms  Security Vulnerabilities
CVE-2020-21434
Maccms 10 contains a cross-site scripting (XSS) vulnerability in the Editing function under the Member module. This vulnerability is exploited via a crafted payload in the nickname text field.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-10-04
CVE-2020-21386
A Cross-Site Request Forgery (CSRF) in the component admin.php/admin/type/info.html of Maccms 10 allows attackers to gain administrator privileges.
CVSS Score
8.8
EPSS Score
0.002
Published
2021-10-04
CVE-2020-21387
A cross-site scripting (XSS) vulnerability in the parameter type_en of Maccms 10 allows attackers to obtain the administrator cookie and escalate privileges via a crafted payload.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-10-04
CVE-2020-20514
A Cross-Site Request Forgery (CSRF) in Maccms v10 via admin.php/admin/admin/del/ids/<id>.html allows authenticated attackers to delete all users.
CVSS Score
8.1
EPSS Score
0.001
Published
2021-09-24
CVE-2020-21081
A cross-site request forgery (CSRF) in Maccms 8.0 causes administrators to add and modify articles without their knowledge via clicking on a crafted URL.
CVSS Score
6.5
EPSS Score
0.001
Published
2021-09-14
CVE-2020-21082
A cross-site scripting (XSS) vulnerability in the background administrator article management module of Maccms 8.0 allows attackers to steal administrator and user cookies via crafted payloads in the text fields for Chinese and English names.
CVSS Score
6.1
EPSS Score
0.003
Published
2021-09-14
CVE-2020-21359
An arbitrary file upload vulnerability in the Template Upload function of Maccms10 allows attackers bypass the suffix whitelist verification to execute arbitrary code via adding a character to the end of the uploaded file's name.
CVSS Score
9.8
EPSS Score
0.011
Published
2021-08-11
CVE-2020-21362
A cross site scripting (XSS) vulnerability in the background search function of Maccms10 allows attackers to execute arbitrary web scripts or HTML via the 'wd' parameter.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-08-11
CVE-2020-21363
An arbitrary file deletion vulnerability exists within Maccms10.
CVSS Score
6.5
EPSS Score
0.004
Published
2021-08-11
CVE-2018-19465
Maccms through 8.0 allows XSS via the site_keywords field to index.php?m=system-config because of tpl/module/system.php and tpl/html/system_config.html, related to template/paody/html/vod_index.html.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-06-07


Products
Pricing
Contact Us

Shodan ® - All rights reserved