VYPR

Maxsite

by Maxsite

Source repositories

CVEs (9)

  • CVE-2022-25411CriFeb 28, 2022
    risk 0.64cvss 9.8epss 0.03

    A Remote Code Execution (RCE) vulnerability at /admin/options in Maxsite CMS v180 allows attackers to execute arbitrary code via a crafted PHP file.

  • CVE-2025-12347MedOct 28, 2025
    risk 0.41cvss 6.3epss 0.00

    A flaw has been found in MaxSite CMS up to 109. This issue affects some unknown processing of the file application/maxsite/admin/plugins/editor_files/save-file-ajax.php. Executing manipulation of the argument file_path/content can lead to unrestricted upload. The attack can be…

  • CVE-2025-12346MedOct 28, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was detected in MaxSite CMS up to 109. This vulnerability affects unknown code of the file application/maxsite/admin/plugins/auto_post/uploads-require-maxsite.php of the component HTTP Header Handler. Performing manipulation of the argument…

  • CVE-2026-37700MedJun 3, 2026
    risk 0.27cvss 4.1epss 0.00

    Cross Site Scripting vulnerability in MaxSite CMS v.109.2 allows a remote attacker to obtain sensitive information via the Backend page file upload endpoint used by admin_page

  • CVE-2026-7016LowApr 26, 2026
    risk 0.09cvss 2.4epss 0.00

    A vulnerability was found in MaxSite CMS up to 109.3. Impacted is an unknown function of the component ushki Plugin. Performing a manipulation of the argument f_ushka_new/f_ushk results in cross site scripting. Remote exploitation of the attack is possible. The exploit has been…

  • CVE-2026-7015LowApr 26, 2026
    risk 0.09cvss 2.4epss 0.00

    A vulnerability has been found in MaxSite CMS up to 109.3. This issue affects some unknown processing of the component Guestbook Plugin. Such manipulation of the argument f_text/f_slug/f_limit/f_email leads to cross site scripting. The attack may be launched remotely. The…

  • CVE-2026-7012LowApr 26, 2026
    risk 0.09cvss 2.4epss 0.00

    A vulnerability was detected in MaxSite CMS up to 109.3. This affects an unknown part of the component Redirect Plugin. The manipulation of the argument f_all/f_all404 results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be…

  • CVE-2026-7011LowApr 26, 2026
    risk 0.09cvss 2.4epss 0.00

    A weakness has been identified in MaxSite CMS up to 109.3. Affected by this vulnerability is an unknown functionality of the file /admin/plugin_antispam of the component Antispam Plugin. Executing a manipulation of the argument f_logging_file can lead to cross site scripting. It…

  • CVE-2008-2487May 28, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in MAXSITE 1.10 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter in a webboard action.