Cross Site Scripting Flaw in Maxsite CMS by Maxsite
CVE-2023-36291

6.1MEDIUM

Key Information:

Vendor: Maxsite
Status: Maxsite Cms
Vendor: CVE Published:; 3 July 2023

What is CVE-2023-36291?

A Cross Site Scripting vulnerability exists in Maxsite CMS v.108.7, which permits remote attackers to execute arbitrary code by manipulating the f_content parameter in the admin/page_new file. This flaw can lead to significant security risks, including potential unauthorized access to sensitive data and system takeover, thereby emphasizing the need for timely vulnerability management and patching.

References

https://github.com/maxsite/cms/issues/500

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 3, 2023
Vulnerability Reserved
Jun 21, 2023

JSON