CVE-2026-7014 in MaxSiteИнформация

Сводка

по MITRE • 26.04.2026

A flaw has been found in MaxSite CMS up to 109.3. This vulnerability affects unknown code of the component down_count Plugin. This manipulation of the argument f_file/f_prefix causes cross site scripting. The attack may be initiated remotely. The exploit has been published and may be used. Upgrading to version 109.4 is able to resolve this issue. Patch name: 8a3946bd0a54bfb72a4d57179fcd253f2c550cd7. The affected component should be upgraded. The vendor was informed early about this issue. They classify it as a "Self-XSS". They deployed a countermeasure: "Nevertheless, we consider this a violation of secure coding standards. The lack of filtering via `htmlspecialchars()` has already been fixed in the latest patch to prevent incorrect data display."

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Ответственный

VulDB

Раскрытие

26.04.2026

Модерация

принято

Вход

VDB-359594

CPE

готов

CWE

CWE-79 (Подтверждённый)

Эксплойт

Скачать

CVSS

2.4 (VulDB)

EPSS

0.00013

KEV

Нет

Деятельности

Очень низкий

Сектор

Agriculture, Lawfirm, ...

Источники

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-7014
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-7014
CVE Details	https://www.cvedetails.com/cve/CVE-2026-7014/

◂ Предыдущий Обзор Далее ▸

Do you know our Splunk app?

Download it now for free!