PT-2026-32127 · 1Panel Dev · 1Panel Maxkb
Ana10Gy · Published 2026-04-11 · Updated 2026-04-11 · CVE-2026-6106
CVSS v2.0: 4.0 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
1Panel-dev MaxKB versions up to 2.2.1
Description
A cross-site scripting issue exists due to the manipulation of the Name argument within the StaticHeadersMiddleware function located in the apps/common/middleware/static_headers_middleware.py file of the Public Chat Interface component. The attack can be launched remotely.
Recommendations
Upgrade to version 2.8.0.
Exploit
Fix
XSS
Code Injection
Related Identifiers
Affected Products
1Panel Maxkb