CVE-2026-7016 | MaxSite CMS up to 109.3 ushki Plugin f_ushka_new/f_ushk cross site scripting

A vulnerability was found in MaxSite CMS up to 109.3. It has been classified as problematic. Impacted is an unknown function of the component ushki Plugin. Performing a manipulation of the argument f_ushka_new/f_ushk results in cross site scripting.

This vulnerability is known as CVE-2026-7016. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

Upgrading the affected component is recommended.

The vendor was informed early about this issue. They classify it as a “Self-XSS”. They deployed a countermeasure: “Nevertheless, we consider this a violation of secure coding standards. The lack of filtering via `htmlspecialchars()` has already been fixed in the latest patch to prevent incorrect data display.”

CVE-2026-7016 | MaxSite CMS up to 109.3 ushki Plugin f_ushka_new/f_ushk cross site scripting

Post correlati

CVE-2024-12426 | Document Foundation LibreOffice up to 24.8.3 Environmental Variable information disclosure

CVE-2024-50054 | mySCADA myPRO Backend filename path traversal (icsa-24-326-07)

CVE-2024-9660 | dasinfomedia School Management System Plugin up to 91.5.0 on WordPress mj_smgt_load_documets_new/mj_smgt_load_documets unrestricted upload

CVE-2024-28714 | ZhongBangKeJi CRMEB 1.3.4 groupid sql injection