nextlevelbuilder ui-ux-pro-max-skill Slide Generator generate-slide.py data.get cross site scripting

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

Description

A vulnerability has been found in nextlevelbuilder ui-ux-pro-max-skill up to 2.5.0. Affected by this issue is the function data.get of the file .claude/skills/design-system/scripts/generate-slide.py of the component Slide Generator. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through a pull request but has not reacted yet.

Basic Information

ID CVE-2026-7596

Source VulDB

Published May 1, 2026 at 21:00

Affected Product

Vendor nextlevelbuilder

Product ui-ux-pro-max-skill

Version 2.0

Affected Versions nextlevelbuilder ui-ux-pro-max-skill 2.0
nextlevelbuilder ui-ux-pro-max-skill 2.1
nextlevelbuilder ui-ux-pro-max-skill 2.2
nextlevelbuilder ui-ux-pro-max-skill 2.3
nextlevelbuilder ui-ux-pro-max-skill 2.4
nextlevelbuilder ui-ux-pro-max-skill 2.5.0

CWE Classification

CWE-79 CWE-94

References

{
    "lastseen": "",
    "description": "A vulnerability has been found in nextlevelbuilder ui-ux-pro-max-skill up to 2.5.0. Affected by this issue is the function data.get of the file .claude/skills/design-system/scripts/generate-slide.py of the component Slide Generator. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through a pull request but has not reacted yet.",
    "published": "2026-05-01T21:00:19.576Z",
    "modified": "2026-05-01T21:00:19.576Z",
    "type": "cve",
    "title": "nextlevelbuilder ui-ux-pro-max-skill Slide Generator generate-slide.py data.get cross site scripting",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/360549\nhttps://vuldb.com/vuln/360549/cti\nhttps://vuldb.com/submit/805510\nhttps://github.com/nextlevelbuilder/ui-ux-pro-max-skill/issues/247\nhttps://github.com/nextlevelbuilder/ui-ux-pro-max-skill/pull/274\nhttps://github.com/nextlevelbuilder/ui-ux-pro-max-skill/",
    "id": "CVE-2026-7596",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79",
        "CWE-94"
    ],
    "cvelist": null,
    "sourceData": "nextlevelbuilder ui-ux-pro-max-skill 2.0\nnextlevelbuilder ui-ux-pro-max-skill 2.1\nnextlevelbuilder ui-ux-pro-max-skill 2.2\nnextlevelbuilder ui-ux-pro-max-skill 2.3\nnextlevelbuilder ui-ux-pro-max-skill 2.4\nnextlevelbuilder ui-ux-pro-max-skill 2.5.0",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "ui-ux-pro-max-skill",
    "version": "2.0",
    "vendor": "nextlevelbuilder",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

nextlevelbuilder ui-ux-pro-max-skill Slide Generator generate-slide.py data.get cross site scripting_CVE-2026-7596