Trepverterless

Name of the Vulnerable Software and Affected Versions: Maccms version 8.0 Description: A cross-site request forgery (CSRF) issue allows attackers to trick administrators into adding and modifying articles without their knowledge by clicking on a crafted URL. Recommendations: For Maccms version 8.0, consider implementing measures to validate user requests and ensure that actions are intentionally initiated by administrators, such as using tokens to verify the authenticity of requests. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Maccms version 8.0 Description: A cross-site scripting (XSS) vulnerability in the background administrator article management module allows attackers to steal administrator and user cookies via crafted payloads in the text fields for Chinese and English names, such as `Chinese name` and `English name`. Recommendations: For Maccms version 8.0, consider disabling the background administrator article management module until a patch is available. Restrict access to the text fields for Chinese and English names to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.