Cross Site Scripting vulnerability in MaxSite CMS v.109.2 allows a remote attacker to obtain sensitive information via the Backend page file upload endpoint used by admin_page