Max 3000

max-3000

8 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (8)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-3395 1Max 3000 1Maxsite Cms Apr 29, 2026 Mar 1, 2026 5.5 MEDIUM· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A flaw has been found in MaxSite CMS up to 109.1. This impacts the function eval of the file application/maxsite/admin/plugins/editor_markitup/preview-ajax.php of the component MarkItUp Preview AJAX Endpoint. Executing a...Show more A flaw has been found in MaxSite CMS up to 109.1. This impacts the function eval of the file application/maxsite/admin/plugins/editor_markitup/preview-ajax.php of the component MarkItUp Preview AJAX Endpoint. Executing a manipulation can lead to code injection. It is possible to launch the attack remotely. The exploit has been published and may be used. Upgrading to version 109.2 will fix this issue. This patch is called 08937a3c5d672a242d68f53e9fccf8a748820ef3. You should upgrade the affected component. The code maintainer was informed beforehand about the issues. He reacted very fast and highly professional.Show less
CVE-2025-12347 1Max 3000 1Maxsite Cms Apr 29, 2026 Oct 28, 2025 2.1 LOW· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A flaw has been found in MaxSite CMS up to 109. This issue affects some unknown processing of the file application/maxsite/admin/plugins/editor_files/save-file-ajax.php. Executing manipulation of the argument file_path/c...Show more A flaw has been found in MaxSite CMS up to 109. This issue affects some unknown processing of the file application/maxsite/admin/plugins/editor_files/save-file-ajax.php. Executing manipulation of the argument file_path/content can lead to unrestricted upload. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2025-12346 1Max 3000 1Maxsite Cms Apr 29, 2026 Oct 28, 2025 2.1 LOW· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A vulnerability was detected in MaxSite CMS up to 109. This vulnerability affects unknown code of the file application/maxsite/admin/plugins/auto_post/uploads-require-maxsite.php of the component HTTP Header Handler. Per...Show more A vulnerability was detected in MaxSite CMS up to 109. This vulnerability affects unknown code of the file application/maxsite/admin/plugins/auto_post/uploads-require-maxsite.php of the component HTTP Header Handler. Performing manipulation of the argument X-Requested-FileName/X-Requested-FileUpDir results in unrestricted upload. Remote exploitation of the attack is possible. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2022-25413 1Max 3000 1Maxsite Cms Nov 21, 2024 Feb 28, 2022 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Maxsite CMS v108 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the parameter f_tags at /admin/page_edit/3.
CVE-2022-25412 1Max 3000 1Maxsite Cms Nov 21, 2024 Feb 28, 2022 N/A· v4 8.1 HIGH· v3 5.5 MEDIUM· v2 Maxsite CMS v180 was discovered to contain multiple arbitrary file deletion vulnerabilities in /admin_page/all-files-update-ajax.php via the dir and deletefile parameters.
CVE-2022-25411 1Max 3000 1Maxsite Cms Nov 21, 2024 Feb 28, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A Remote Code Execution (RCE) vulnerability at /admin/options in Maxsite CMS v180 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-25410 1Max 3000 1Maxsite Cms Nov 21, 2024 Feb 28, 2022 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Maxsite CMS v180 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the parameter f_file_description at /admin/files.
CVE-2021-27983 1Max 3000 1Maxsite Cms Nov 21, 2024 Dec 10, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Remote Code Execution (RCE) vulnerability exists in MaxSite CMS v107.5 via the Documents page.