CVE Catalog

CVE-2026-37700

MediumCVSS 4.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.19%

8th percentile - higher than 8% of all known CVEs

Summary

A Cross Site Scripting (XSS) vulnerability in MaxSite CMS version 109.2 allows a remote attacker to steal sensitive information via the file upload endpoint on the backend page used by the admin.

Risk Assessment

An attacker can steal administrator credentials or other confidential data, potentially leading to full compromise of the CMS system.

Recommendation

Immediately update MaxSite CMS to the latest available version and implement input validation and sanitization mechanisms for the file upload endpoint.

Original NVD description (English source)

Cross Site Scripting vulnerability in MaxSite CMS v.109.2 allows a remote attacker to obtain sensitive information via the Backend page file upload endpoint used by admin_page

Vulnerability data from NVD (NIST) · CISA KEV · EPSS