Product
maccms
37 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2025-10397 (all versions): A vulnerability was identified in Magicblack MacCMS 2025.1000.4050. This affects an unknown part of the component API Handler. The
CVE-2025-10395 (all versions): A vulnerability was found in Magicblack MacCMS 2025.1000.4050. Affected by this vulnerability is the function col_url of the compo
CVE-2025-10122 (all versions): A vulnerability was found in Maccms10 2025.1000.4050. Affected is the function rep of the file application/admin/controller/Databa
CVE-2025-45474 (all versions): maccms10 v2025.1000.4047 is vulnerable to Server-side request forgery (SSRF) in Email Settings.
CVE-2025-45475 (all versions): maccms10 v2025.1000.4047 is vulnerable to Server-Side request forgery (SSRF) in Friend Link Management.
CVE-2025-28091 (all versions): maccms10 v2025.1000.4047 has a Server-Side Request Forgery (SSRF) vulnerability via Add Article.
CVE-2025-28090 (all versions): maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) in the Collection Custom Interface feature.
CVE-2025-28089 (all versions): maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) via the Scheduled Task function.
CVE-2024-46654 (all versions): A stored cross-site scripting (XSS) vulnerability in the Add Scheduled Task module of Maccms10 v2024.1000.4040 allows attackers to
CVE-2024-32391 (all versions): Cross Site Scripting vulnerability in MacCMS v.10 v.2024.1000.3000 allows a remote attacker to execute arbitrary code via a crafte
CVE-2022-47872 (all versions): A Server-Side Request Forgery (SSRF) in maccms10 v2021.1000.2000 allows attackers to force the application to make arbitrary reque
CVE-2022-44870 (all versions): A reflected cross-site scripting (XSS) vulnerability in maccms10 v2022.1000.3032 allows attackers to execute arbitrary web scripts
CVE-2022-35148 (all versions): maccms10 v2021.1000.1081 to v2022.1000.3031 was discovered to contain a SQL injection vulnerability via the table parameter at dat
CVE-2022-31303 (all versions): maccms10 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Server Group text field.
CVE-2022-31302 (all versions): maccms8 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Server Group text field.
CVE-2021-43707 (all versions): Cross Site Scripting (XSS) vulnerability exists in Maccms v10 via link_Name parameter.
CVE-2022-27887 (all versions): Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/vod/data.html via th
CVE-2022-27886 (all versions): Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/ulog/index.html via
CVE-2022-27885 (all versions): Maccms v10 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities in /admin.php/admin/website/dat
CVE-2022-27884 (all versions): Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/plog/index.html via
CVE-2022-26573 (all versions): Maccms v10 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities in /admin.php/admin/art/data.ht
CVE-2021-45787 (all versions): There is a stored Cross Site Scripting (XSS) vulnerability in maccms v10 through adding videos. XSS code can be inserted at parame
CVE-2021-45786 (all versions): In maccms v10, an attacker can log in through /index.php/user/login in the "col" and "openid" parameters to gain privileges.
CVE-2020-21434 (all versions): Maccms 10 contains a cross-site scripting (XSS) vulnerability in the Editing function under the Member module. This vulnerability
CVE-2020-21387 (all versions): A cross-site scripting (XSS) vulnerability in the parameter type_en of Maccms 10 allows attackers to obtain the administrator cook
CVE-2020-21386 (all versions): A Cross-Site Request Forgery (CSRF) in the component admin.php/admin/type/info.html of Maccms 10 allows attackers to gain administ
CVE-2020-20514 (all versions): A Cross-Site Request Forgery (CSRF) in Maccms v10 via admin.php/admin/admin/del/ids/<id>.html allows authenticated attackers to de
CVE-2020-21082 (all versions): A cross-site scripting (XSS) vulnerability in the background administrator article management module of Maccms 8.0 allows attacker
CVE-2020-21081 (all versions): A cross-site request forgery (CSRF) in Maccms 8.0 causes administrators to add and modify articles without their knowledge via cli
CVE-2020-21363 (all versions): An arbitrary file deletion vulnerability exists within Maccms10.
CVE-2020-21362 (all versions): A cross site scripting (XSS) vulnerability in the background search function of Maccms10 allows attackers to execute arbitrary web
CVE-2020-21359 (all versions): An arbitrary file upload vulnerability in the Template Upload function of Maccms10 allows attackers bypass the suffix whitelist ve
CVE-2018-19465 (<= 8.0): Maccms through 8.0 allows XSS via the site_keywords field to index.php?m=system-config because of tpl/module/system.php and tpl/ht
CVE-2019-9829 (all versions): Maccms 10 allows remote attackers to execute arbitrary PHP code by entering this code in a template/default_pc/html/art Edit actio
CVE-2019-8410 (<= 8.0): Maccms 8.0 allows XSS via the inc/config/cache.php t_key parameter because template/paody/html/vod_type.html mishandles the keywor
CVE-2018-12114 (all versions): Maccms 10 allows CSRF via admin.php/admin/admin/info.html to add user accounts.
CVE-2017-17733 (all versions): Maccms 8.x allows remote command execution via the wd parameter in an index.php?m=vod-search request.