CVE-2021-35265

MEDIUM NUCLEI

MaxSite CMS <V106 - XSS

Title source: llm

Description

A reflected cross-site scripting (XSS) vulnerability in MaxSite CMS before V106 via product/page/* allows remote attackers to inject arbitrary web script to a page.

Nuclei Templates (1)

MaxSite CMS > V106 - Cross-Site Scripting

MEDIUMby pikpikcu

Shodan: html:'content="MaxSite CMS' || http.html:'content="maxsite cms'

FOFA: body='content="maxsite cms'

References (2)

[Patch, Third Party Advisory] https://github.com/maxsite/cms/commit/6b0ab1de9f3d471485d1347e800a9ce43fedbf1a

View Patch ZIP pw:eip

[Exploit, Third Party Advisory] https://github.com/maxsite/cms/issues/414#issue-726249183

Scores

CVSS v3 6.1

EPSS 0.0528

EPSS Percentile 90.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

maxsite/maxsite_cms < 106

Published Aug 03, 2021

Tracked Since Feb 18, 2026