CVE-2026-7596

MEDIUM

nextlevelbuilder ui-ux-pro-max-skill Slide Generator generate-slide.py data.get cross site scripting

Title source: cna

Description

A vulnerability has been found in nextlevelbuilder ui-ux-pro-max-skill up to 2.5.0. Affected by this issue is the function data.get of the file .claude/skills/design-system/scripts/generate-slide.py of the component Slide Generator. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through a pull request but has not reacted yet.

References (6)

[Vdb Entry, Technical Description] https://vuldb.com/vuln/360549

[Signature, Permissions Required] https://vuldb.com/vuln/360549/cti

[Third Party Advisory] https://vuldb.com/submit/805510

[Exploit] https://github.com/nextlevelbuilder/ui-ux-pro-max-skill/issues/247

[Patch] https://github.com/nextlevelbuilder/ui-ux-pro-max-skill/pull/274

[Product] https://github.com/nextlevelbuilder/ui-ux-pro-max-skill/

Scores

CVSS v3 4.3

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

Details

CWE

CWE-79 CWE-94

Status published

Products (6)

nextlevelbuilder/ui-ux-pro-max-skill 2.0

nextlevelbuilder/ui-ux-pro-max-skill 2.1

nextlevelbuilder/ui-ux-pro-max-skill 2.2

nextlevelbuilder/ui-ux-pro-max-skill 2.3

nextlevelbuilder/ui-ux-pro-max-skill 2.4

nextlevelbuilder/ui-ux-pro-max-skill 2.5.0

Published May 01, 2026

Tracked Since May 02, 2026