125 matches found
CVE-2026-37700
Cross Site Scripting vulnerability in MaxSite CMS v.109.2 allows a remote attacker to obtain sensitive information via the Backend page file upload endpoint used by adminpage...
CVE-2026-37700
Cross Site Scripting vulnerability in MaxSite CMS v.109.2 allows a remote attacker to obtain sensitive information via the Backend page file upload endpoint used by adminpage...
CVE-2026-37700
Cross Site Scripting vulnerability in MaxSite CMS v.109.2 allows a remote attacker to obtain sensitive information via the Backend page file upload endpoint used by adminpage...
CVE-2026-37700
Cross Site Scripting vulnerability in MaxSite CMS v.109.2 allows a remote attacker to obtain sensitive information via the Backend page file upload endpoint used by adminpage...
CVE-2026-37700
Cross Site Scripting vulnerability in MaxSite CMS v.109.2 allows a remote attacker to obtain sensitive information via the Backend page file upload endpoint used by adminpage...
CVE-2026-37700
MaxSite CMS v.109.2 is affected by a Cross Site Scripting (XSS) vulnerability via the Backend page file upload endpoint used by admin_page. The CVE-2026-37700 description states an attacker can obtain sensitive information through this endpoint. CVSS v3.1 score is 4.1 (Medium); attack vector Netw...
EUVD-2026-34180
Cross Site Scripting vulnerability in MaxSite CMS v.109.2 allows a remote attacker to obtain sensitive information via the Backend page file upload endpoint used by adminpage...
PT-2026-46059
Name of the Vulnerable Software and Affected Versions MaxSite CMS version 109.2 Description A Cross Site Scripting issue allows a remote attacker to obtain sensitive information. This occurs via the Backend page file upload endpoint used by admin page. Recommendations At the moment, there is no...
MaxSite CMS 安全漏洞
MaxSite CMS is an open-source website content management system developed by MaxSite in Russia. Version 109.2 of MaxSite CMS has a security vulnerability. This vulnerability stems from a cross-site scripting vulnerability in the backend page file upload endpoint, which could allow remote attacker...
CVE-2026-7015
A vulnerability has been found in MaxSite CMS up to 109.3. This issue affects some unknown processing of the component Guestbook Plugin. Such manipulation of the argument ftext/fslug/flimit/femail leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed t...
CVE-2026-7014
A flaw has been found in MaxSite CMS up to 109.3. This vulnerability affects unknown code of the component downcount Plugin. This manipulation of the argument ffile/fprefix causes cross site scripting. The attack may be initiated remotely. The exploit has been published and may be used. Upgrading...
CVE-2026-7013
A security vulnerability has been detected in MaxSite CMS up to 109.3. Affected by this issue is some unknown functionality of the component mailsend Plugin. The manipulation of the argument fsubject/ffiles/ffrom leads to cross site scripting. The attack can be initiated remotely. The exploit has...
CVE-2026-7016
A vulnerability was found in MaxSite CMS up to 109.3. Impacted is an unknown function of the component ushki Plugin. Performing a manipulation of the argument fushkanew/fushk results in cross site scripting. Remote exploitation of the attack is possible. The exploit has been made public and could...
CVE-2026-7013
A security vulnerability has been detected in MaxSite CMS up to 109.3. Affected by this issue is some unknown functionality of the component mailsend Plugin. The manipulation of the argument fsubject/ffiles/ffrom leads to cross site scripting. The attack can be initiated remotely. The exploit has...
CVE-2026-7014
A flaw has been found in MaxSite CMS up to 109.3. This vulnerability affects unknown code of the component downcount Plugin. This manipulation of the argument ffile/fprefix causes cross site scripting. The attack may be initiated remotely. The exploit has been published and may be used. Upgrading...
CVE-2026-7016 MaxSite CMS ushki Plugin cross site scripting
A vulnerability was found in MaxSite CMS up to 109.3. Impacted is an unknown function of the component ushki Plugin. Performing a manipulation of the argument fushkanew/fushk results in cross site scripting. Remote exploitation of the attack is possible. The exploit has been made public and could...
CVE-2026-7016 MaxSite CMS ushki Plugin cross site scripting
A vulnerability was found in MaxSite CMS up to 109.3. Impacted is an unknown function of the component ushki Plugin. Performing a manipulation of the argument fushkanew/fushk results in cross site scripting. Remote exploitation of the attack is possible. The exploit has been made public and could...
CVE-2026-7016
CVE-2026-7016 concerns MaxSite CMS (up to 109.3) via the ushki Plugin. The vulnerability is a Cross-Site Scripting flaw caused by improper filtering of arguments f_ushka_new/f_ushk, allowing remote exploitation. The issue has been publicly disclosed and is exploitable in practice, with the exploi...
CVE-2026-7015 MaxSite CMS Guestbook Plugin cross site scripting
A vulnerability has been found in MaxSite CMS up to 109.3. This issue affects some unknown processing of the component Guestbook Plugin. Such manipulation of the argument ftext/fslug/flimit/femail leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed t...
CVE-2026-7015
MaxSite CMS (up to 109.3) is affected via the Guestbook Plugin due to improper handling of f_text, f_slug, f_limit, and f_email, enabling cross-site scripting. The issue can be exploited remotely and the public exploit has been disclosed. A fixed patch is available in version 109.4, with patch id...