PT-2026-35178 · Unknown+1 · Maxsite Cms+1

Konchan · Published 2026-04-26 · Updated 2026-05-23 · CVE-2026-7011

CVSS v2.0: 3.3 (Low)

Vector: AV:N/AC:L/Au:M/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

MaxSite CMS versions prior to 109.4

Description

A weakness exists in the Antispam Plugin component, in the '/admin/plugin antispam' file. A remote attacker can manipulate the f logging file argument to cause cross-site scripting (XSS), which occurs when an application includes untrusted data in a web page without proper validation or encoding. The issue is caused by the value not being filtered through the htmlspecialchars() function, so it reaches the page without output encoding.

Recommendations

Upgrade to version 109.4. As a temporary workaround, restrict access to the '/admin/plugin antispam' file to minimize the risk of exploitation.

Exploit

Fix

XSS

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2026-7011

Affected Products

Antispam Plugin
Maxsite Cms