PT-2026-35195 · Cms Maxsite+1 · Countdown+1

Konchan · Published 2026-04-26 · Updated 2026-04-26 · CVE-2026-7014

CVSS v2.0: 3.3 (Low)

Vector: AV:N/AC:L/Au:M/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: MaxSite CMS versions prior to 109.4
Description: A flaw in the down count plugin allows cross-site scripting (XSS) through manipulation of the f file and f prefix arguments. The issue occurs because these values are not filtered with the htmlspecialchars() function, which converts special characters to HTML entities so that the browser does not interpret them as code.
Recommendations: Upgrade to version 109.4.

Exploit

Fix

Code Injection

XSS

Weakness Enumeration

Related Identifiers

CVE-2026-7014

Affected Products

Maxsite Cms
Countdown