CVE-2026-37700
MediumCVSS 4.1Exploitation Probability (EPSS)
Low risk8th percentile - higher than 8% of all known CVEs
Summary
A Cross Site Scripting (XSS) vulnerability in MaxSite CMS version 109.2 allows a remote attacker to steal sensitive information via the file upload endpoint on the backend page used by the admin.
Risk Assessment
An attacker can steal administrator credentials or other confidential data, potentially leading to full compromise of the CMS system.
Recommendation
Immediately update MaxSite CMS to the latest available version and implement input validation and sanitization mechanisms for the file upload endpoint.
Original NVD description (English source)
Cross Site Scripting vulnerability in MaxSite CMS v.109.2 allows a remote attacker to obtain sensitive information via the Backend page file upload endpoint used by admin_page

