Skip to main content

Ui Ux Pro Max Skill

2 CVEs product

Monthly

CVE-2026-7596 LOW POC PATCH Monitor

Cross-site scripting (XSS) vulnerability in nextlevelbuilder ui-ux-pro-max-skill up to version 2.5.0 allows remote attackers to inject malicious scripts via unescaped user input in the Slide Generator component's data.get() function. The vulnerability affects slide generation where user-supplied content (titles, subtitles, company names, feature descriptions) is embedded directly into HTML output without sanitization. Publicly available exploit code exists, and the vendor has released a patch via pull request, though the project has not actively responded to security notifications. CVSS score of 2.1 reflects low severity due to required user interaction, but the public availability of exploit code increases practical exploitation risk.

XSS Ui Ux Pro Max Skill
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-7595 LOW POC PATCH Monitor

Code injection vulnerability in nextlevelbuilder ui-ux-pro-max-skill up to 2.5.0 allows authenticated remote attackers to execute arbitrary code via unsanitized plugin names in the Tailwind Config Generator. The _format_plugins function constructs require() statements without validation, enabling attackers with login credentials to inject malicious JavaScript into the Tailwind configuration. Publicly available exploit code exists and the vendor has released a patch via pull request, though adoption status is unconfirmed.

RCE Code Injection Ui Ux Pro Max Skill
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.1%
EPSS 0% CVSS 2.1
LOW POC PATCH Monitor

Cross-site scripting (XSS) vulnerability in nextlevelbuilder ui-ux-pro-max-skill up to version 2.5.0 allows remote attackers to inject malicious scripts via unescaped user input in the Slide Generator component's data.get() function. The vulnerability affects slide generation where user-supplied content (titles, subtitles, company names, feature descriptions) is embedded directly into HTML output without sanitization. Publicly available exploit code exists, and the vendor has released a patch via pull request, though the project has not actively responded to security notifications. CVSS score of 2.1 reflects low severity due to required user interaction, but the public availability of exploit code increases practical exploitation risk.

XSS Ui Ux Pro Max Skill
NVD VulDB GitHub
EPSS 0% CVSS 2.1
LOW POC PATCH Monitor

Code injection vulnerability in nextlevelbuilder ui-ux-pro-max-skill up to 2.5.0 allows authenticated remote attackers to execute arbitrary code via unsanitized plugin names in the Tailwind Config Generator. The _format_plugins function constructs require() statements without validation, enabling attackers with login credentials to inject malicious JavaScript into the Tailwind configuration. Publicly available exploit code exists and the vendor has released a patch via pull request, though adoption status is unconfirmed.

RCE Code Injection Ui Ux Pro Max Skill
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy