CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 2CVE-2022-47872
https://notcve.org/view.php?id=CVE-2022-47872
01 Feb 2023 — A Server-Side Request Forgery (SSRF) in maccms10 v2021.1000.2000 allows attackers to force the application to make arbitrary requests via a crafted payload injected into the Name parameter under the Interface address module. • https://github.com/Cedric1314/CVE-2022-47872 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 3CVE-2022-44870
https://notcve.org/view.php?id=CVE-2022-44870
06 Jan 2023 — A reflected cross-site scripting (XSS) vulnerability in maccms10 v2022.1000.3032 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the AD Management module. • https://github.com/Cedric1314/CVE-2022-44870 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 13EXPL: 1CVE-2022-35148
https://notcve.org/view.php?id=CVE-2022-35148
17 Aug 2022 — maccms10 v2021.1000.1081 to v2022.1000.3031 was discovered to contain a SQL injection vulnerability via the table parameter at database/columns.html. Se ha detectado que maccms10 versiones v2021.1000.1081 a v2022.1000.3031, contienen una vulnerabilidad de inyección SQL por medio del parámetro table en el archivo database/columns.html. • https://github.com/magicblack/maccms10/issues/931 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-31303
https://notcve.org/view.php?id=CVE-2022-31303
21 Jun 2022 — maccms10 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Server Group text field. Se ha detectado que maccms10 contiene una vulnerabilidad de tipo cross-site scripting (XSS) almacenado por medio del campo de texto Server Group • https://github.com/maccmspro/maccms10/issues/20 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-43707
https://notcve.org/view.php?id=CVE-2021-43707
31 Mar 2022 — Cross Site Scripting (XSS) vulnerability exists in Maccms v10 via link_Name parameter. Se presenta una vulnerabilidad de tipo Cross Site Scripting (XSS) en Maccms versión v10, por medio del parámetro link_Name • https://github.com/maccmspro/maccms10/issues/18 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 11EXPL: 1CVE-2022-27886
https://notcve.org/view.php?id=CVE-2022-27886
25 Mar 2022 — Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/ulog/index.html via the wd parameter. Se ha detectado que Maccms v10 contiene una vulnerabilidad de tipo cross-site scripting (XSS) reflejado en /admin.php/admin/ulog/index.html por medio del parámetro wd • https://github.com/magicblack/maccms10/issues/840 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 11EXPL: 1CVE-2022-27887
https://notcve.org/view.php?id=CVE-2022-27887
25 Mar 2022 — Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/vod/data.html via the repeat parameter. Se ha detectado que Maccms v10 contiene una vulnerabilidad de tipo cross-site scripting (XSS) reflejado en /admin.php/admin/vod/data.html por medio del parámetro repeat • https://github.com/magicblack/maccms10/issues/840 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 11EXPL: 1CVE-2022-27884
https://notcve.org/view.php?id=CVE-2022-27884
25 Mar 2022 — Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/plog/index.html via the wd parameter. Se ha detectado que Maccms versión v10, contenía una vulnerabilidad de tipo cross-site scripting (XSS) reflejado en /admin.php/admin/plog/index.html por medio del parámetro wd • https://github.com/magicblack/maccms10/issues/840 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 11EXPL: 1CVE-2022-27885
https://notcve.org/view.php?id=CVE-2022-27885
25 Mar 2022 — Maccms v10 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities in /admin.php/admin/website/data.html via the select and input parameters. Se ha detectado que Maccms versión v10, contenía múltiples vulnerabilidades de tipo cross-site scripting (XSS) reflejado en /admin.php/admin/website/data.html por medio de los parámetros select y input • https://github.com/magicblack/maccms10/issues/840 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 11EXPL: 1CVE-2022-26573
https://notcve.org/view.php?id=CVE-2022-26573
25 Mar 2022 — Maccms v10 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities in /admin.php/admin/art/data.html via the select and input parameters. Se ha detectado que Maccms versión v10, contiene múltiples vulnerabilidades de tipo cross-site scripting (XSS) reflejado en /admin.php/admin/art/data.html por medio de los parámetros select y input • https://github.com/magicblack/maccms10/issues/840 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •