Lucene search
K

12 matches found

RedhatCVE
RedhatCVE
added 2026/04/27 7:23 p.m.13 views

CVE-2026-7011

A weakness has been identified in MaxSite CMS up to 109.3. Affected by this vulnerability is an unknown functionality of the file /admin/pluginantispam of the component Antispam Plugin. Executing a manipulation of the argument floggingfile can lead to cross site scripting. It is possible to launc...

4.8CVSS3.1AI score0.00269EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/26 3:15 a.m.5 views

CVE-2026-7016

A vulnerability was found in MaxSite CMS up to 109.3. Impacted is an unknown function of the component ushki Plugin. Performing a manipulation of the argument fushkanew/fushk results in cross site scripting. Remote exploitation of the attack is possible. The exploit has been made public and could...

4.8CVSS4AI score0.00215EPSS
Exploits0References7Affected Software1
EUVD
EUVD
added 2026/04/26 2:45 a.m.6 views

EUVD-2026-25691

A vulnerability has been found in MaxSite CMS up to 109.3. This issue affects some unknown processing of the component Guestbook Plugin. Such manipulation of the argument ftext/fslug/flimit/femail leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed t...

4.8CVSS3AI score0.00215EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/04/26 2:45 a.m.32 views

CVE-2026-7015 MaxSite CMS Guestbook Plugin cross site scripting

A vulnerability has been found in MaxSite CMS up to 109.3. This issue affects some unknown processing of the component Guestbook Plugin. Such manipulation of the argument ftext/fslug/flimit/femail leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed t...

4.8CVSS0.00215EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/04/26 2:0 a.m.3 views

CVE-2026-7013

A security vulnerability has been detected in MaxSite CMS up to 109.3. Affected by this issue is some unknown functionality of the component mailsend Plugin. The manipulation of the argument fsubject/ffiles/ffrom leads to cross site scripting. The attack can be initiated remotely. The exploit has...

4.8CVSS3.7AI score0.00215EPSS
Exploits0References7Affected Software1
EUVD
EUVD
added 2026/04/26 2:0 a.m.9 views

EUVD-2026-25689

A security vulnerability has been detected in MaxSite CMS up to 109.3. Affected by this issue is some unknown functionality of the component mailsend Plugin. The manipulation of the argument fsubject/ffiles/ffrom leads to cross site scripting. The attack can be initiated remotely. The exploit has...

4.8CVSS2.9AI score0.00215EPSS
Exploits0References7
OSV
OSV
added 2026/04/26 1:15 a.m.3 views

CVE-2026-7012 MaxSite CMS Redirect Plugin cross site scripting

A vulnerability was detected in MaxSite CMS up to 109.3. This affects an unknown part of the component Redirect Plugin. The manipulation of the argument fall/fall404 results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be used. Upgrading to versi...

4.8CVSS4.3AI score0.00291EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/04/26 12:0 a.m.15 views

MaxSite CMS 跨站脚本漏洞

MaxSite CMS is an open-source website content management system developed by MaxSite in Russia. Versions of MaxSite CMS starting from 109.3 and earlier had a cross-site scripting vulnerability. This vulnerability stemmed from the fushkanew/fushk parameters in the ushki Plugin component, which cou...

4.8CVSS5.6AI score0.00215EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/01 2:2 p.m.4 views

CVE-2026-3395 MaxSite CMS MarkItUp Preview AJAX Endpoint preview-ajax.php eval code injection

A flaw has been found in MaxSite CMS up to 109.1. This impacts the function eval of the file application/maxsite/admin/plugins/editormarkitup/preview-ajax.php of the component MarkItUp Preview AJAX Endpoint. Executing a manipulation can lead to code injection. It is possible to launch the attack...

7.5CVSS5.6AI score0.00486EPSS
Exploits1References5
CVE
CVE
added 2025/10/28 2:2 a.m.18 views

CVE-2025-12347

CVE-2025-12347 affects MaxSite CMS up to version 109. The vulnerability resides in the interactive handling of file_path/content in the file application/maxsite/admin/plugins/editor_files/save-file-ajax.php, where manipulation can lead to unrestricted file uploads. Exploitation can be performed r...

8.8CVSS6.2AI score0.0036EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2025/10/28 12:0 a.m.7 views

PT-2025-44083

Name of the Vulnerable Software and Affected Versions MaxSite CMS versions prior to 110 Description A flaw exists in MaxSite CMS that allows for unrestricted file uploads. This issue is related to the processing of the file path and content arguments within the file...

8.8CVSS6.3AI score0.0036EPSS
Exploits1References7
ATTACKERKB
ATTACKERKB
added 2022/02/28 11:15 p.m.7 views

CVE-2022-25412

Maxsite CMS v180 was discovered to contain multiple arbitrary file deletion vulnerabilities in /adminpage/all-files-update-ajax.php via the dir and deletefile parameters...

8.1CVSS7.2AI score0.01042EPSS
Exploits1References2
Rows per page
Query Builder