A vulnerability has been found in MaxSite CMS up to 109.3 and classified as problematic. It affects unknown code of the down_count Plugin component. Manipulating the argument f_file/f_prefix leads to cross-site scripting.

This vulnerability appears as CVE-2026-7014. The attack may be initiated remotely. In addition, an exploit is available.

The affected component should be upgraded.

The vendor was informed early about this issue. They classify it as a “Self-XSS”. They deployed a countermeasure: “Nevertheless, we consider this a violation of secure coding standards. The lack of filtering via `htmlspecialchars()` has already been fixed in the latest patch to prevent incorrect data display.”