CVE-2026-39425 | 1Panel-dev MaxKB up to 2.7.x Chatbot Interface /admin/api/workspace/ prologue cross site scripting (GHSA-3rq5-pgm7-pvp4)

Inserito da Angelo Barbosa | Apr 14, 2026 | CVE

A vulnerability was found in 1Panel-dev MaxKB up to 2.7.x. It has been classified as problematic. Impacted is an unknown function of the file /admin/api/workspace/ of the component Chatbot Interface. Performing a manipulation of the argument prologue results in basic cross site scripting.

This vulnerability is known as CVE-2026-39425. Remote exploitation of the attack is possible. No exploit is available.

Upgrading the affected component is recommended.

CVE-2026-39425 | 1Panel-dev MaxKB up to 2.7.x Chatbot Interface /admin/api/workspace/ prologue cross site scripting (GHSA-3rq5-pgm7-pvp4)

Post correlati

CVE-2024-25977 | HAWKI session fixiation

CVE-2024-38788 | Bởi Admin 2020 UiPress lite Plugin up to 3.4.06 on WordPress sql injection

CVE-2025-71069 | Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.2 d_move depth state issue

CVE-2025-10467 | Proliz OBS Student Affairs Information System prior 25.0401 cross site scripting