PT-2026-32128 · 1Panel+1
Ana10Gy · Published 2026-04-12 · Updated 2026-04-12 · CVE-2026-6107
CVSS v2.0: 4.0 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
1Panel-dev MaxKB versions up to 2.6.1
Description
A flaw exists in the processing of the file apps/common/middleware/chat_headers_middleware.py within the ChatHeadersMiddleware component. Manipulation of the Name argument can lead to cross-site scripting. Remote exploitation is possible.
Recommendations
Upgrade to version 2.8.0 to address this issue.
Fix
XSS
Code Injection
Related Identifiers
Affected Products
1Panel
Maxkb