216.73.217.22

CVE-2026-3395

· Published 01/03/2026 14:16 · Modified 02/03/2026 20:30

Labels: CVE-2026-3395 2026-03-01CVE-2026-3395CWE-74[email protected]

Essential information

Published
01/03/2026 14:16
Modified
02/03/2026 20:30
Author
Creator
CVSS
6.9 MEDIUM (v3) 6.9 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

A flaw has been found in MaxSite CMS up to 109.1. This impacts the function eval of the file application/maxsite/admin/plugins/editor_markitup/preview-ajax.php of the component MarkItUp Preview AJAX Endpoint. Executing a manipulation can lead to code injection. It is possible to launch the attack remotely. The exploit has been published and may be used. Upgrading to version 109.2 will fix this issue. This patch is called 08937a3c5d672a242d68f53e9fccf8a748820ef3. You should upgrade the affected component. The code maintainer was informed beforehand about the issues. He reacted very fast and highly professional.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
maxsite / cms cpe:2.3:a:maxsite:cms:<109.2:*:*:*:*:*:*:*
maxsite / cms cpe:2.3:a:maxsite:cms:*:109.1:*:*:*:*:*:*

References