Kpa1On

**Name of the Vulnerable Software and Affected Versions** Maccms version 10 **Description** The issue is related to multiple reflected cross-site scripting (XSS) vulnerabilities. These vulnerabilities are found in the /admin.php/admin/art/data.html endpoint via the `select` and `input` parameters. **Recommendations** For Maccms version 10, consider disabling access to the /admin.php/admin/art/data.html endpoint until a fix is available. As a temporary workaround, restrict the use of the `select` and `input` parameters in this endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Maccms version 10 **Description** A reflected cross-site scripting (XSS) issue was found in the /admin.php/admin/plog/index.html endpoint via the `wd` parameter. This allows for potential malicious script injection and execution. **Recommendations** For Maccms version 10, as a temporary workaround, consider restricting access to the /admin.php/admin/plog/index.html endpoint until a patch is available. Avoid using the `wd` parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Maccms version 10 **Description** The issue concerns multiple reflected cross-site scripting (XSS) vulnerabilities. These vulnerabilities are located in the `/admin.php/admin/website/data.html` endpoint via the `select` and `input` parameters. **Recommendations** For Maccms version 10, consider restricting access to the `/admin.php/admin/website/data.html` endpoint until a fix is available. As a temporary workaround, avoid using the `select` and `input` parameters in this endpoint to minimize the risk of exploitation.