Primary

Context

MaxSite CMS Cross-Site Scripting Vulnerability in ushki Plugin

Vulnerability

Patched

A cross-site scripting (XSS) vulnerability has been identified in MaxSite CMS versions prior to 109.4, specifically within the ushki plugin. The issue arises from an unknown function that fails to properly sanitize user input in the f_ushka_new and f_ushk arguments, allowing attackers to inject malicious scripts. This vulnerability is stored, meaning it does not require repeated interaction to exploit and can affect multiple users. The exploitation is remote and has been made public.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where injected scripts are executed in the context of the user.

Remediation

Users are advised to upgrade to MaxSite CMS version 109.4 or later. The latest version can be downloaded from the MaxSite CMS GitHub repository.

Added: Apr 26, 2026, 4:19 AM

Updated: Apr 26, 2026, 4:19 AM

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

1.7

exploitability

6.5

remediation

7.7

relevance

6.8

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

1.7

exploitability

6.5

remediation

7.7

relevance

6.8

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

MaxSite CMS Cross-Site Scripting Vulnerability in ushki Plugin

Vulnerability

Impact

Remediation

Affected Products

MaxSite CMS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating