{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-21T06:29:04.677","vulnerabilities":[{"cve":{"id":"CVE-2026-3395","sourceIdentifier":"cna@vuldb.com","published":"2026-03-01T14:16:05.960","lastModified":"2026-06-17T10:43:31.747","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw has been found in MaxSite CMS up to 109.1. This impacts the function eval of the file application/maxsite/admin/plugins/editor_markitup/preview-ajax.php of the component MarkItUp Preview AJAX Endpoint. Executing a manipulation can lead to code injection. It is possible to launch the attack remotely. The exploit has been published and may be used. Upgrading to version 109.2 will fix this issue. This patch is called 08937a3c5d672a242d68f53e9fccf8a748820ef3. You should upgrade the affected component. The code maintainer was informed beforehand about the issues. He reacted very fast and highly professional."},{"lang":"es","value":"Se ha encontrado una vulnerabilidad en MaxSite CMS hasta la versión 109.1, la cual afecta a la función eval del archivo application/maxsite/admin/plugins/editor_markitup/preview-ajax.php del componente MarkItUp Preview AJAX Endpoint. Si se manipula se puede provocar una inyección de código. Es posible lanzar el ataque de forma remota. El exploit ha sido publicado y puede ser utilizado. La actualización a la versión 109.2 solucionará este problema. Este parche se llama 08937a3c5d672a242d68f53e9fccf8a748820ef3. Debería actualizar el componente afectado. Se informó previamente al mantenedor del código sobre los problemas. Reaccionó muy rápido y de manera muy profesional."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"MaxSite","product":"CMS","modules":["MarkItUp Preview AJAX Endpoint"],"versions":[{"version":"109.0","status":"affected"},{"version":"109.1","status":"affected"},{"version":"109.2","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-03-02T17:45:39.803527Z","id":"CVE-2026-3395","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-74"},{"lang":"en","value":"CWE-94"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:max-3000:maxsite_cms:*:*:*:*:*:*:*:*","versionEndExcluding":"109.2","matchCriteriaId":"A57592D5-4449-4F41-9DE8-DF5B64175D55"}]}]}],"references":[{"url":"https://github.com/maxsite/cms/","source":"cna@vuldb.com","tags":["Product"]},{"url":"https://github.com/maxsite/cms/commit/08937a3c5d672a242d68f53e9fccf8a748820ef3","source":"cna@vuldb.com","tags":["Patch"]},{"url":"https://vuldb.com/?ctiid.348281","source":"cna@vuldb.com","tags":["Permissions Required","VDB Entry"]},{"url":"https://vuldb.com/?id.348281","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/?submit.762169","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]}]}}]}