Affected Products

Vendor / product matrix with CVE counts sourced from the CPE catalog.

Export CSV

Products

1 vendor
VendorProductsCVEsKEVAvg EPSSWorst Severity
maccms
110024.2%CRITICAL

Related CVEs

10
CVE IDDescriptionSeverityCVSSKEVEPSSPublished
CVE-2025-10397A vulnerability was identified in Magicblack MacCMS 2025.1000.4050. This affects an unknown part of the component API Handler. The manipulation of the argument cjurl leads to server-side request forgery. The attack can be initiated remotely. The exploit is publicly available and might be used.LOW2.023.6%Sep 14, 2025
CVE-2025-10395A vulnerability was found in Magicblack MacCMS 2025.1000.4050. Affected by this vulnerability is the function col_url of the component Scheduled Task Handler. Performing manipulation of the argument cjurl results in server-side request forgery. It is possible to initiate the attack remotely.MEDIUM5.123.6%Sep 14, 2025
CVE-2025-10122A vulnerability was found in Maccms10 2025.1000.4050. Affected is the function rep of the file application/admin/controller/Database.php. Performing manipulation of the argument where results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used.LOW2.021.6%Sep 9, 2025
CVE-2025-45474maccms10 v2025.1000.4047 is vulnerable to Server-side request forgery (SSRF) in Email Settings.HIGH7.323.6%May 29, 2025
CVE-2025-45475maccms10 v2025.1000.4047 is vulnerable to Server-Side request forgery (SSRF) in Friend Link Management.MEDIUM5.420.0%May 27, 2025
CVE-2025-28091maccms10 v2025.1000.4047 has a Server-Side Request Forgery (SSRF) vulnerability via Add Article.CRITICAL9.130.6%Mar 28, 2025
CVE-2025-28090maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) in the Collection Custom Interface feature.CRITICAL9.129.6%Mar 28, 2025
CVE-2025-28089maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) via the Scheduled Task function.CRITICAL9.130.6%Mar 28, 2025
CVE-2024-46654A stored cross-site scripting (XSS) vulnerability in the Add Scheduled Task module of Maccms10 v2024.1000.4040 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.MEDIUM4.814.4%Sep 20, 2024
CVE-2024-32391Cross Site Scripting vulnerability in MacCMS v.10 v.2024.1000.3000 allows a remote attacker to execute arbitrary code via a crafted payload.HIGH7.3Apr 19, 2024