CVE-2026-7015

Name of the Vulnerable Software and Affected Versions MaxSite CMS versions prior to 109.4

Description A cross-site scripting issue exists in the Guestbook Plugin component due to improper processing of the f text, f slug, f limit, and f email arguments. This occurs because of a lack of filtering via the htmlspecialchars() function, which is used to convert special characters to HTML entities to prevent the browser from interpreting them as code. This flaw allows a remote attacker to execute malicious scripts.

Recommendations Update to version 109.4.