CVE-2026-7596
nextlevelbuilder ui-ux-pro-max-skill Slide Generator generate-slide.py data.get cross site scripting
CVSS Score
4.3
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability has been found in nextlevelbuilder ui-ux-pro-max-skill up to 2.5.0. Affected by this issue is the function data.get of the file .claude/skills/design-system/scripts/generate-slide.py of the component Slide Generator. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through a pull request but has not reacted yet.
| CWE | CWE-79 CWE-94 |
| Vendor | nextlevelbuilder |
| Product | ui-ux-pro-max-skill |
| Published | May 1, 2026 |
Stay Ahead of the Next One
Get instant alerts for nextlevelbuilder ui-ux-pro-max-skill
Be the first to know when new medium vulnerabilities affecting nextlevelbuilder ui-ux-pro-max-skill are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
nextlevelbuilder / ui-ux-pro-max-skill
2.0 2.1 2.2 2.3 2.4 2.5.0
References
vuldb.com: https://vuldb.com/vuln/360549 vuldb.com: https://vuldb.com/vuln/360549/cti vuldb.com: https://vuldb.com/submit/805510 github.com: https://github.com/nextlevelbuilder/ui-ux-pro-max-skill/issues/247 github.com: https://github.com/nextlevelbuilder/ui-ux-pro-max-skill/pull/274 github.com: https://github.com/nextlevelbuilder/ui-ux-pro-max-skill/
Credits
๐ Yu-Bao (VulDB User) VulDB CNA Team