Aggregates CVE and security vulnerability intelligence across all maianmedia-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Disclosed issues often relate to vendor risk cross-site scripting; exposure may include vendor impact session compromise in vendor surface production workloads and vendor surface software deployment contexts.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2021-41421 | A PHP code injection vulnerability in MaianAffiliate v.1.0 allows an authenticated attacker to gain RCE through the MaianAffiliate admin panel. | [email protected] | 4.8 | 0.24% | 2022-06-16 | 2024-11-21 |
| CVE-2021-41420 | A stored XSS vulnerability in MaianAffiliate v.1.0 allows an authenticated attacker for arbitrary JavaScript code execution in the context of authenticated and unauthenticated users through the MaianAffiliate admin panel. | [email protected] | 5.4 | 1.44% | 2022-06-16 | 2024-11-21 |
| CVE-2021-39402 | MaianAffiliate v.1.0 is suffers from code injection by adding a new product via the admin panel. The injected payload is reflected on the affiliate main page for all authenticated and unauthenticated visitors. | [email protected] | 7.2 | 0.89% | 2021-09-20 | 2024-11-21 |