MaxSite CMS > V106 - Cross-Site Scripting

A reflected cross-site scripting vulnerability in MaxSite CMS before V106 via product/page/ allows remote attackers to inject arbitrary web script to a page." id: CVE-2021-35265 info: name: MaxSite CMS V106 - Cross-Site Scripting author: pikpikcu severity: medium description: | A reflected...

CVE-2026-37700

Cross Site Scripting vulnerability in MaxSite CMS v.109.2 allows a remote attacker to obtain sensitive information via the Backend page file upload endpoint used by adminpage...

CVE-2026-37700

Cross Site Scripting vulnerability in MaxSite CMS v.109.2 allows a remote attacker to obtain sensitive information via the Backend page file upload endpoint used by adminpage...

CVE-2026-37700

MaxSite CMS v.109.2 is affected by a Cross Site Scripting (XSS) vulnerability via the Backend page file upload endpoint used by admin_page. The CVE-2026-37700 description states an attacker can obtain sensitive information through this endpoint. CVSS v3.1 score is 4.1 (Medium); attack vector Netw...

PT-2026-46059

Name of the Vulnerable Software and Affected Versions MaxSite CMS version 109.2 Description A Cross Site Scripting issue allows a remote attacker to obtain sensitive information. This occurs via the Backend page file upload endpoint used by admin page. Recommendations At the moment, there is no...

EUVD-2026-34180

Cross Site Scripting vulnerability in MaxSite CMS v.109.2 allows a remote attacker to obtain sensitive information via the Backend page file upload endpoint used by adminpage...

CVE-2026-37700

Cross Site Scripting vulnerability in MaxSite CMS v.109.2 allows a remote attacker to obtain sensitive information via the Backend page file upload endpoint used by adminpage...

CVE-2026-37700

Cross Site Scripting vulnerability in MaxSite CMS v.109.2 allows a remote attacker to obtain sensitive information via the Backend page file upload endpoint used by adminpage...

MaxSite CMS 安全漏洞

MaxSite CMS is an open-source website content management system developed by MaxSite in Russia. Version 109.2 of MaxSite CMS has a security vulnerability. This vulnerability stems from a cross-site scripting vulnerability in the backend page file upload endpoint, which could allow remote attacker...

CVE-2026-37700

Cross Site Scripting vulnerability in MaxSite CMS v.109.2 allows a remote attacker to obtain sensitive information via the Backend page file upload endpoint used by adminpage...

CVE-2026-7015

A vulnerability has been found in MaxSite CMS up to 109.3. This issue affects some unknown processing of the component Guestbook Plugin. Such manipulation of the argument ftext/fslug/flimit/femail leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed t...

CVE-2026-7014

A flaw has been found in MaxSite CMS up to 109.3. This vulnerability affects unknown code of the component downcount Plugin. This manipulation of the argument ffile/fprefix causes cross site scripting. The attack may be initiated remotely. The exploit has been published and may be used. Upgrading...

CVE-2026-7012

A vulnerability was detected in MaxSite CMS up to 109.3. This affects an unknown part of the component Redirect Plugin. The manipulation of the argument fall/fall404 results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be used. Upgrading to versi...

CVE-2026-7016

A vulnerability was found in MaxSite CMS up to 109.3. Impacted is an unknown function of the component ushki Plugin. Performing a manipulation of the argument fushkanew/fushk results in cross site scripting. Remote exploitation of the attack is possible. The exploit has been made public and could...

CVE-2026-7011

A weakness has been identified in MaxSite CMS up to 109.3. Affected by this vulnerability is an unknown functionality of the file /admin/pluginantispam of the component Antispam Plugin. Executing a manipulation of the argument floggingfile can lead to cross site scripting. It is possible to launc...

CVE-2026-7013

A security vulnerability has been detected in MaxSite CMS up to 109.3. Affected by this issue is some unknown functionality of the component mailsend Plugin. The manipulation of the argument fsubject/ffiles/ffrom leads to cross site scripting. The attack can be initiated remotely. The exploit has...

CVE-2026-7016

A vulnerability was found in MaxSite CMS up to 109.3. Impacted is an unknown function of the component ushki Plugin. Performing a manipulation of the argument fushkanew/fushk results in cross site scripting. Remote exploitation of the attack is possible. The exploit has been made public and could...

CVE-2026-7015

A vulnerability has been found in MaxSite CMS up to 109.3. This issue affects some unknown processing of the component Guestbook Plugin. Such manipulation of the argument ftext/fslug/flimit/femail leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed t...

CVE-2026-7013

A security vulnerability has been detected in MaxSite CMS up to 109.3. Affected by this issue is some unknown functionality of the component mailsend Plugin. The manipulation of the argument fsubject/ffiles/ffrom leads to cross site scripting. The attack can be initiated remotely. The exploit has...

CVE-2026-7014

A flaw has been found in MaxSite CMS up to 109.3. This vulnerability affects unknown code of the component downcount Plugin. This manipulation of the argument ffile/fprefix causes cross site scripting. The attack may be initiated remotely. The exploit has been published and may be used. Upgrading...