CVE-2025-15632 | 1Panel-dev MaxKB up to 2.4.2 MdPreview ui/src/chat.ts cross site scripting

A vulnerability categorized as problematic has been discovered in 1Panel-dev MaxKB up to 2.4.2. Impacted is an unknown function of the file ui/src/chat.ts of the component MdPreview. Such manipulation leads to cross site scripting.

This vulnerability is documented as CVE-2025-15632. The attack can be executed remotely. Additionally, an exploit exists.

It is advisable to upgrade the affected component.

The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

CVE-2025-15632 | 1Panel-dev MaxKB up to 2.4.2 MdPreview ui/src/chat.ts cross site scripting

Post correlati

CVE-2024-10290 | ZZCMS 2023 inc.php information disclosure

CVE-2024-5025 | Memberpress Plugin up to 1.11.29 on WordPress arglist cross site scripting

CVE-2025-41724 | Sauter EY-modulo 5 ecos 5 ecos505 up to 3.1.x Incomplete SOAP Request failure to handle incomplete element (vde-2025-060)

CVE-2022-41545 | Netgear C7800 6.01.07 Administrative Web Interface cleartext transmission