10 matches found
CVE-2026-6107
A flaw has been found in 1Panel-dev MaxKB up to 2.6.1. This issue affects some unknown processing of the file apps/common/middleware/chatheadersmiddleware.py of the component ChatHeadersMiddleware. This manipulation of the argument Name causes cross site scripting. Remote exploitation of the atta...
CVE-2026-39422
MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross-Site Scripting XSS vulnerability through the application name or icon fields when creating an application. When a victim visits the public chat interface /ui/chat/accesstoken, the...
CVE-2026-39422
MaxKB vulnerability CVE-2026-39422 is a Stored XSS in versions 2.7.1 and earlier, triggered via the application name or icon fields when creating an application. When users visit the public chat interface (/ui/chat/{access_token}), ChatHeadersMiddleware retrieves application data and directly ins...
CVE-2026-39422 MaxKB has Stored XSS via ChatHeadersMiddleware
MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross-Site Scripting XSS vulnerability through the application name or icon fields when creating an application. When a victim visits the public chat interface /ui/chat/accesstoken, the...
CVE-2026-39422 MaxKB has Stored XSS via ChatHeadersMiddleware
MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross-Site Scripting XSS vulnerability through the application name or icon fields when creating an application. When a victim visits the public chat interface /ui/chat/accesstoken, the...
CVE-2026-6107 1Panel-dev MaxKB ChatHeadersMiddleware chat_headers_middleware.py cross site scripting
A flaw has been found in 1Panel-dev MaxKB up to 2.6.1. This issue affects some unknown processing of the file apps/common/middleware/chatheadersmiddleware.py of the component ChatHeadersMiddleware. This manipulation of the argument Name causes cross site scripting. Remote exploitation of the atta...
EUVD-2026-21688
A flaw has been found in 1Panel-dev MaxKB up to 2.6.1. This issue affects some unknown processing of the file apps/common/middleware/chatheadersmiddleware.py of the component ChatHeadersMiddleware. This manipulation of the argument Name causes cross site scripting. Remote exploitation of the atta...
CVE-2026-6107
A flaw has been found in 1Panel-dev MaxKB up to 2.6.1. This issue affects some unknown processing of the file apps/common/middleware/chatheadersmiddleware.py of the component ChatHeadersMiddleware. This manipulation of the argument Name causes cross site scripting. Remote exploitation of the atta...
MaxKB 代码注入漏洞
MaxKB is an open-source question-answering system based on large language models and RAG, developed by 1Panel-dev. Versions of MaxKB prior to 2.6.1 contained a code injection vulnerability. This vulnerability stemmed from incorrect handling of parameters in the file...
PT-2026-32128
A flaw has been found in 1Panel-dev MaxKB up to 2.6.1. This issue affects some unknown processing of the file apps/common/middleware/chat headers middleware.py of the component ChatHeadersMiddleware. This manipulation of the argument Name causes cross site scripting. Remote exploitation of the...