PT-2026-35198 · Unknown+1 · Maxsite Cms+1
Konchan
·
Published
2026-04-26
·
Updated
2026-04-26
·
CVE-2026-7016
CVSS v2.0
3.3
Low
| Vector | AV:N/AC:L/Au:M/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
MaxSite CMS versions prior to 109.4
Description
A cross-site scripting issue exists in the ushki Plugin. Manipulation of the
f ushka new/f ushk argument allows remote exploitation due to a lack of filtering via the htmlspecialchars() function, which is used to convert special characters to HTML entities to prevent the browser from interpreting them as code.Recommendations
Update to version 109.4.
Exploit
Fix
Code Injection
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Maxsite Cms
Ushki Plugin