VYPR
Vendor

Maxsite

Products
2
CVEs
10
Across products
10
Status
Private

Products

2

Recent CVEs

10
  • CVE-2022-25411CriFeb 28, 2022
    risk 0.64cvss 9.8epss 0.03

    A Remote Code Execution (RCE) vulnerability at /admin/options in Maxsite CMS v180 allows attackers to execute arbitrary code via a crafted PHP file.

  • CVE-2025-12347MedOct 28, 2025
    risk 0.41cvss 6.3epss 0.00

    A flaw has been found in MaxSite CMS up to 109. This issue affects some unknown processing of the file application/maxsite/admin/plugins/editor_files/save-file-ajax.php. Executing manipulation of the argument file_path/content can lead to unrestricted upload. The attack can be…

  • CVE-2025-12346MedOct 28, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was detected in MaxSite CMS up to 109. This vulnerability affects unknown code of the file application/maxsite/admin/plugins/auto_post/uploads-require-maxsite.php of the component HTTP Header Handler. Performing manipulation of the argument…

  • CVE-2026-37700MedJun 3, 2026
    risk 0.27cvss 4.1epss 0.00

    Cross Site Scripting vulnerability in MaxSite CMS v.109.2 allows a remote attacker to obtain sensitive information via the Backend page file upload endpoint used by admin_page

  • CVE-2026-7016LowApr 26, 2026
    risk 0.09cvss 2.4epss 0.00

    A vulnerability was found in MaxSite CMS up to 109.3. Impacted is an unknown function of the component ushki Plugin. Performing a manipulation of the argument f_ushka_new/f_ushk results in cross site scripting. Remote exploitation of the attack is possible. The exploit has been…

  • CVE-2026-7015LowApr 26, 2026
    risk 0.09cvss 2.4epss 0.00

    A vulnerability has been found in MaxSite CMS up to 109.3. This issue affects some unknown processing of the component Guestbook Plugin. Such manipulation of the argument f_text/f_slug/f_limit/f_email leads to cross site scripting. The attack may be launched remotely. The…

  • CVE-2026-7012LowApr 26, 2026
    risk 0.09cvss 2.4epss 0.00

    A vulnerability was detected in MaxSite CMS up to 109.3. This affects an unknown part of the component Redirect Plugin. The manipulation of the argument f_all/f_all404 results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be…

  • CVE-2026-7011LowApr 26, 2026
    risk 0.09cvss 2.4epss 0.00

    A weakness has been identified in MaxSite CMS up to 109.3. Affected by this vulnerability is an unknown functionality of the file /admin/plugin_antispam of the component Antispam Plugin. Executing a manipulation of the argument f_logging_file can lead to cross site scripting. It…

  • CVE-2008-6446Mar 9, 2009
    risk 0.03cvss epss 0.02

    Static code injection vulnerability in the Guestbook component in CMS MAXSITE allows remote attackers to inject arbitrary PHP code into the guestbook via the message parameter.

  • CVE-2008-2487May 28, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in MAXSITE 1.10 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter in a webboard action.