CVE-2026-7011 | MaxSite CMS up to 109.3 Antispam Plugin /admin/plugin_antispam f_logging_file cross site scripting

A vulnerability classified as problematic was found in MaxSite CMS up to 109.3. Affected by this vulnerability is an unknown functionality of the file /admin/plugin_antispam of the component Antispam Plugin. Executing a manipulation of the argument f_logging_file can lead to cross site scripting.

This vulnerability is registered as CVE-2026-7011. It is possible to launch the attack remotely. Furthermore, an exploit is available.

Upgrading the affected component is advised.

The vendor was informed early about this issue. They classify it as a “Self-XSS”. They deployed a countermeasure: “Nevertheless, we consider this a violation of secure coding standards. The lack of filtering via `htmlspecialchars()` has already been fixed in the latest patch to prevent incorrect data display.”VulDB Recent EntriesRead More