Jelly0930

#17708 of 53,634
15.2 Total CVSS
Vulnerabilities · 2
Medium: 1
Critical: 1

PT-2022-12406 · CVSS 9.8 · 2022-03-16
Maccms · Maccms · CVE-2021-45786

**Name of the Vulnerable Software and Affected Versions**
maccms version 10

**Description**
The issue allows an attacker to gain privileges by logging in through the `/index.php/user/login` endpoint, specifically by exploiting the `col` and `openid` parameters.

**Recommendations**
For maccms version 10, consider restricting access to the `/index.php/user/login` endpoint until a fix is available, and avoid using the `col` and `openid` parameters in this endpoint to minimize the risk of exploitation.

PT-2022-12407 · CVSS 5.4 · 2022-03-16
Maccms · Maccms · CVE-2021-45787

**Name of the Vulnerable Software and Affected Versions**
maccms version 10

**Description**
The issue is a stored Cross Site Scripting (XSS) vulnerability that occurs when adding videos. This allows XSS code to be inserted at parameter positions, including the `name` and `remarks` parameters.

**Recommendations**
For maccms version 10, avoid using the `name` and `remarks` parameters in the video addition feature until a fix is available. As a temporary workaround, consider restricting access to the video addition feature to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.