CVE-2026-7012

Name of the Vulnerable Software and Affected Versions MaxSite CMS versions prior to 109.4

Description An issue exists in the Redirect Plugin where the manipulation of the f all or f all404 arguments allows for cross-site scripting (XSS), a condition where malicious scripts are injected into trusted websites. This occurs due to a lack of filtering via the htmlspecialchars() function, which is used to convert special characters to HTML entities to prevent the browser from interpreting them as code. The attack can be executed remotely.

Recommendations Upgrade to version 109.4.