CVE-2026-7015

MaxSite CMS (up to 109.3) is affected via the Guestbook Plugin due to improper handling of f_text, f_slug, f_limit, and f_email, enabling cross-site scripting. The issue can be exploited remotely and the public exploit has been disclosed. A fixed patch is available in version 109.4, with patch id...

MaxSite CMS 跨站脚本漏洞

MaxSite CMS is an open-source website content management system developed by MaxSite in Russia. Versions of MaxSite CMS starting from 109.3 and earlier had a cross-site scripting vulnerability. This vulnerability stemmed from operations with the ftext/fslug/flimit/femail parameters in the Guestbo...