CVE-2022-27884

Name of the Vulnerable Software and Affected Versions Maccms version 10

Description A reflected cross-site scripting (XSS) issue was found in the /admin.php/admin/plog/index.html endpoint via the wd parameter. This allows for potential malicious script injection and execution.

Recommendations For Maccms version 10, as a temporary workaround, consider restricting access to the /admin.php/admin/plog/index.html endpoint until a patch is available. Avoid using the wd parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.