CVE-2022-44870

MEDIUM

maccms10 v2022.1000.3032 - Reflected Cross-Site Scripting via AD Management Name Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-44870. PoCs published by Cedric1314.

AI-analyzed exploit summary This repository documents a stored XSS vulnerability in Maccms 10 (V2021.1000.2000) where an attacker can inject malicious JavaScript via the 'cat_title' parameter in the admin banner management interface. The PoC demonstrates the vulnerability but does not include executable exploit code.

Description

A reflected cross-site scripting (XSS) vulnerability in maccms10 v2022.1000.3032 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the AD Management module.

Exploits (1)

nomisec WRITEUP 2 stars
by Cedric1314 · poc
https://github.com/Cedric1314/CVE-2022-44870

This repository documents a stored XSS vulnerability in Maccms 10 (V2021.1000.2000) where an attacker can inject malicious JavaScript via the 'cat_title' parameter in the admin banner management interface. The PoC demonstrates the vulnerability but does not include executable exploit code.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Maccms 10 (V2021.1000.2000)
Auth required
Prerequisites: Admin access to the Maccms backend
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Issue Tracking, Third Party Advisory
https://github.com/magicblack/maccms10/issues/986

Scores

CVSS v3 6.1
EPSS 0.0050
EPSS Percentile 38.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
maccms/maccms 10.0 2022.1000.3032
Published Jan 06, 2023
Tracked Since Feb 18, 2026