CVE-2026-7596 PUBLISHED

nextlevelbuilder ui-ux-pro-max-skill Slide Generator generate-slide.py data.get cross site scripting

Assigner: VulDB
Reserved: 01.05.2026 Published: 01.05.2026 Updated: 02.05.2026

A vulnerability has been found in nextlevelbuilder ui-ux-pro-max-skill up to 2.5.0. Affected by this issue is the function data.get of the file .claude/skills/design-system/scripts/generate-slide.py of the component Slide Generator. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through a pull request but has not reacted yet.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
CVSS Score: 5.3

Product Status

Vendor nextlevelbuilder
Product ui-ux-pro-max-skill
Versions
  • Version 2.0 is affected
  • Version 2.1 is affected
  • Version 2.2 is affected
  • Version 2.3 is affected
  • Version 2.4 is affected
  • Version 2.5.0 is affected

Credits

  • Yu-Bao (VulDB User) reporter
  • VulDB CNA Team coordinator

References

Problem Types

  • Cross Site Scripting CWE
  • Code Injection CWE