CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-46654
https://notcve.org/view.php?id=CVE-2024-46654
20 Sep 2024 — A stored cross-site scripting (XSS) vulnerability in the Add Scheduled Task module of Maccms10 v2024.1000.4040 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. • https://github.com/magicblack/maccms10/issues/1183 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32391
https://notcve.org/view.php?id=CVE-2024-32391
19 Apr 2024 — Cross Site Scripting vulnerability in MacCMS v.10 v.2024.1000.3000 allows a remote attacker to execute arbitrary code via a crafted payload. Vulnerabilidad de Cross Site Scripting en MacCMS v.10 v.2024.1000.3000 permite a un atacante remoto ejecutar código arbitrario a través de un payload manipulado. • https://github.com/magicblack/maccms10/issues/1133 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 2CVE-2022-47872
https://notcve.org/view.php?id=CVE-2022-47872
01 Feb 2023 — A Server-Side Request Forgery (SSRF) in maccms10 v2021.1000.2000 allows attackers to force the application to make arbitrary requests via a crafted payload injected into the Name parameter under the Interface address module. • https://github.com/Cedric1314/CVE-2022-47872 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 3CVE-2022-44870
https://notcve.org/view.php?id=CVE-2022-44870
06 Jan 2023 — A reflected cross-site scripting (XSS) vulnerability in maccms10 v2022.1000.3032 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the AD Management module. • https://github.com/Cedric1314/CVE-2022-44870 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 13EXPL: 1CVE-2022-35148
https://notcve.org/view.php?id=CVE-2022-35148
17 Aug 2022 — maccms10 v2021.1000.1081 to v2022.1000.3031 was discovered to contain a SQL injection vulnerability via the table parameter at database/columns.html. Se ha detectado que maccms10 versiones v2021.1000.1081 a v2022.1000.3031, contienen una vulnerabilidad de inyección SQL por medio del parámetro table en el archivo database/columns.html. • https://github.com/magicblack/maccms10/issues/931 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-31303
https://notcve.org/view.php?id=CVE-2022-31303
21 Jun 2022 — maccms10 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Server Group text field. Se ha detectado que maccms10 contiene una vulnerabilidad de tipo cross-site scripting (XSS) almacenado por medio del campo de texto Server Group • https://github.com/maccmspro/maccms10/issues/20 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-31302
https://notcve.org/view.php?id=CVE-2022-31302
21 Jun 2022 — maccms8 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Server Group text field. Se ha detectado que maccms8 contenía una vulnerabilidad de tipo cross-site scripting (XSS) almacenado por medio del campo de texto Server Group • https://github.com/maccmspro/maccms8/issues/1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-43707
https://notcve.org/view.php?id=CVE-2021-43707
31 Mar 2022 — Cross Site Scripting (XSS) vulnerability exists in Maccms v10 via link_Name parameter. Se presenta una vulnerabilidad de tipo Cross Site Scripting (XSS) en Maccms versión v10, por medio del parámetro link_Name • https://github.com/maccmspro/maccms10/issues/18 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 11EXPL: 1CVE-2022-27886
https://notcve.org/view.php?id=CVE-2022-27886
25 Mar 2022 — Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/ulog/index.html via the wd parameter. Se ha detectado que Maccms v10 contiene una vulnerabilidad de tipo cross-site scripting (XSS) reflejado en /admin.php/admin/ulog/index.html por medio del parámetro wd • https://github.com/magicblack/maccms10/issues/840 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 11EXPL: 1CVE-2022-27887
https://notcve.org/view.php?id=CVE-2022-27887
25 Mar 2022 — Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/vod/data.html via the repeat parameter. Se ha detectado que Maccms v10 contiene una vulnerabilidad de tipo cross-site scripting (XSS) reflejado en /admin.php/admin/vod/data.html por medio del parámetro repeat • https://github.com/magicblack/maccms10/issues/840 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •