CVE-2026-39422 | 1Panel-dev MaxKB up to 2.7.x Public Chat Interface /ui/chat/ name/icon cross site scripting (GHSA-wf7p-3jq5-q52w)

Inserito da Angelo Barbosa | Apr 14, 2026 | CVE

A vulnerability identified as problematic has been detected in 1Panel-dev MaxKB up to 2.7.x. This impacts an unknown function of the file /ui/chat/ of the component Public Chat Interface. This manipulation of the argument name/icon causes cross site scripting.

The identification of this vulnerability is CVE-2026-39422. It is possible to initiate the attack remotely. There is no exploit available.

You should upgrade the affected component.

CVE-2026-39422 | 1Panel-dev MaxKB up to 2.7.x Public Chat Interface /ui/chat/ name/icon cross site scripting (GHSA-wf7p-3jq5-q52w)

Post correlati

CVE-2025-10594 | SourceCodester Online Student File Management System 1.0 delete_student.php stud_id sql injection

CVE-2024-4669 | Events Addon for Elementor Plugin up to 2.1.4 on WordPress Widgets cross site scripting

CVE-2025-34052 | AVTECH IP Cameras/DVR/NVR Machine.cgi?action=get_capability information disclosure (Exploit 40500 / EDB-40500)

CVE-2024-22297 | Codeboxr CBX Map for Google Map & OpenStreetMap Plugin up to 1.1.11 on WordPress cross site scripting