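This page aggregates CVE and security vulnerability information for all maccms-related products, listing CVSS, EPSS, publication dates, and vulnerability data.
Published issues are often related to SSRF, CSRF, and SQL injection, and in the context of production workloads and software deployment they may carry exposure risks such as data exposure and file overwrite.
The listed data is based on public vulnerability information and security advisories, and can be used to assess historical exposure and remediation priority.

| CVE | Summary | Source | Max CVSS | EPSS (%) | Published | Updated |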
|---|---|---|---|---|---|---|
| CVE-2025-10397 | A vulnerability was identified in Magicblack MacCMS 2025.1000.4050. This affects an unknown part of the component API Handler. The manipulation of the argument cjurl leads to server-side request forgery. The attack can be initiated remotely. The exploit is publicly available and might be used. | [email protected] | 2.0 | 0.32% | 2025-09-14 | 2026-06-17 |
| CVE-2025-10395 | A vulnerability was found in Magicblack MacCMS 2025.1000.4050. Affected by this vulnerability is the function col_url of the component Scheduled Task Handler. Performing manipulation of the argument cjurl results in server-side request forgery. It is possible to initiate the attack remotely. | [email protected] | 5.1 | 0.32% | 2025-09-14 | 2026-06-17 |
| CVE-2025-10122 | A vulnerability was found in Maccms10 2025.1000.4050. Affected is the function rep of the file application/admin/controller/Database.php. Performing manipulation of the argument where results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used. | [email protected] | 2.0 | 0.30% | 2025-09-09 | 2026-06-17 |
| CVE-2025-45474 | maccms10 v2025.1000.4047 is vulnerable to Server-side request forgery (SSRF) in Email Settings. | [email protected] | 7.3 | 0.32% | 2025-05-29 | 2026-06-17 |
| CVE-2025-45475 | maccms10 v2025.1000.4047 is vulnerable to Server-Side request forgery (SSRF) in Friend Link Management. | [email protected] | 5.4 | 0.28% | 2025-05-27 | 2026-06-17 |
| CVE-2025-28091 | maccms10 v2025.1000.4047 has a Server-Side Request Forgery (SSRF) vulnerability via Add Article. | [email protected] | 9.1 | 0.36% | 2025-03-28 | 2026-06-17 |
| CVE-2025-28090 | maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) in the Collection Custom Interface feature. | [email protected] | 9.1 | 0.38% | 2025-03-28 | 2026-06-17 |
| CVE-2025-28089 | maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) via the Scheduled Task function. | [email protected] | 9.1 | 0.36% | 2025-03-28 | 2026-06-17 |
| CVE-2024-46654 | A stored cross-site scripting (XSS) vulnerability in the Add Scheduled Task module of Maccms10 v2024.1000.4040 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | [email protected] | 4.8 | 0.23% | 2024-09-20 | 2026-06-17 |
| CVE-2024-32391 | Cross Site Scripting vulnerability in MacCMS v.10 v.2024.1000.3000 allows a remote attacker to execute arbitrary code via a crafted payload. | [email protected] | 7.3 | 0.92% | 2024-04-19 | 2026-06-17 |
| CVE-2022-47872 | A Server-Side Request Forgery (SSRF) in maccms10 v2021.1000.2000 allows attackers to force the application to make arbitrary requests via a crafted payload injected into the Name parameter under the Interface address module. | [email protected] | 8.8 | 0.87% | 2023-02-01 | 2026-06-17 |
| CVE-2022-44870 | A reflected cross-site scripting (XSS) vulnerability in maccms10 v2022.1000.3032 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the AD Management module. | [email protected] | 6.1 | 0.50% | 2023-01-06 | 2026-06-17 |
| CVE-2022-35148 | maccms10 v2021.1000.1081 to v2022.1000.3031 was discovered to contain a SQL injection vulnerability via the table parameter at database/columns.html. | [email protected] | 6.5 | 0.57% | 2022-08-17 | 2026-06-17 |
| CVE-2022-31303 | maccms10 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Server Group text field. | [email protected] | 5.4 | 0.37% | 2022-06-21 | 2026-06-17 |
| CVE-2022-31302 | maccms8 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Server Group text field. | [email protected] | 5.4 | 0.37% | 2022-06-21 | 2026-06-17 |
| CVE-2021-43707 | Cross Site Scripting (XSS) vulnerability exists in Maccms v10 via link_Name parameter. | [email protected] | 6.1 | 0.61% | 2022-03-31 | 2026-06-17 |
| CVE-2022-27887 | Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/vod/data.html via the repeat parameter. | [email protected] | 6.1 | 0.55% | 2022-03-25 | 2026-06-17 |
| CVE-2022-27886 | Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/ulog/index.html via the wd parameter. | [email protected] | 6.1 | 0.55% | 2022-03-25 | 2026-06-17 |
| CVE-2022-27885 | Maccms v10 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities in /admin.php/admin/website/data.html via the select and input parameters. | [email protected] | 6.1 | 0.55% | 2022-03-25 | 2026-06-17 |
| CVE-2022-27884 | Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/plog/index.html via the wd parameter. | [email protected] | 6.1 | 0.55% | 2022-03-25 | 2026-06-17 |