PT-2026-22504 · Markitup+1 · Markitup+1

Mrsolo404

+1

·

Published

2026-03-01

·

Updated

2026-03-06

·

CVE-2026-3395

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions MaxSite CMS versions up to 109.1
Description A code injection issue exists in MaxSite CMS due to a flaw in the eval function within the file application/maxsite/admin/plugins/editor markitup/preview-ajax.php of the MarkItUp Preview AJAX Endpoint component. Remote attackers can exploit this to inject code. The exploit has been published and is potentially being used in attacks.
Recommendations Upgrade MaxSite CMS to version 109.2 to resolve this issue.

Exploit

Fix

Special Elements Injection

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-3395

Affected Products

Markitup
Maxsite Cms