FKIE_CVE-2026-23525

Vulnerability from fkie_nvd - Published: 2026-01-18 23:15 - Updated: 2026-03-13 14:29
Summary
1Panel is an open-source, web-based control panel for Linux server management. A stored Cross-Site Scripting (XSS) vulnerability exists in the 1Panel App Store when viewing application details. Malicious scripts can execute in the context of the user’s browser, potentially compromising session data or sensitive system interfaces. All versions of 1Panel up to and including v1.10.33-lts and v2.0.16 are affected. An attacker could publish a malicious application that, when loaded by users (locally or remotely), can execute arbitrary scripts. This may result in theft of user cookies, unauthorized access to system functions, or other actions that compromise the confidentiality, integrity, and availability of the system. The vulnerability is caused by insufficient sanitization of content rendered by the MdEditor component with the `previewOnly` attribute enabled. Specifically, the App Store renders application README content without proper XSS protection, allowing script execution during content rendering; and similar issues exist in system upgrade-related components, which can be fixed by implementing proper XSS sanitization in the MdEditor component. These vulnerabilities can be mitigated by applying proper XSS protection and sanitization when rendering content in the MdEditor component. Safe versions with a patch incorporated are v1.10.34-lts and v2.0.17.
Impacted products
Vendor Product Version
fit2cloud 1panel *
fit2cloud 1panel *

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fit2cloud:1panel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5968FDD-8F6D-487E-9326-0949B42D2BA3",
              "versionEndExcluding": "1.10.34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fit2cloud:1panel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D333955-D761-4982-A30A-D59D1735FCFD",
              "versionEndExcluding": "2.0.17",
              "versionStartIncluding": "2.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "1Panel is an open-source, web-based control panel for Linux server management. A stored Cross-Site Scripting (XSS) vulnerability exists in the 1Panel App Store when viewing application details. Malicious scripts can execute in the context of the user\u2019s browser, potentially compromising session data or sensitive system interfaces. All versions of 1Panel up to and including v1.10.33-lts and v2.0.16 are affected. An attacker could publish a malicious application that, when loaded by users (locally or remotely), can execute arbitrary scripts. This may result in theft of user cookies, unauthorized access to system functions, or other actions that compromise the confidentiality, integrity, and availability of the system. The vulnerability is caused by insufficient sanitization of content rendered by the MdEditor component with the `previewOnly` attribute enabled. Specifically, the App Store renders application README content without proper XSS protection, allowing script execution during content rendering; and similar issues exist in system upgrade-related components, which can be fixed by implementing proper XSS sanitization in the MdEditor component. These vulnerabilities can be mitigated by applying proper XSS protection and sanitization when rendering content in the MdEditor component. Safe versions with a patch incorporated are v1.10.34-lts and v2.0.17."
    },
    {
      "lang": "es",
      "value": "1Panel es un panel de control de c\u00f3digo abierto, basado en web, para la gesti\u00f3n de servidores Linux. Una vulnerabilidad de cross-site scripting (XSS) almacenado existe en la Tienda de Aplicaciones de 1Panel al ver los detalles de la aplicaci\u00f3n. Scripts maliciosos pueden ejecutarse en el contexto del navegador del usuario, potencialmente comprometiendo datos de sesi\u00f3n o interfaces sensibles del sistema. Todas las versiones de 1Panel hasta e incluyendo v1.10.33-lts y v2.0.16 est\u00e1n afectadas. Un atacante podr\u00eda publicar una aplicaci\u00f3n maliciosa que, cuando es cargada por los usuarios (local o remotamente), puede ejecutar scripts arbitrarios. Esto puede resultar en el robo de cookies de usuario, acceso no autorizado a funciones del sistema u otras acciones que comprometan la confidencialidad, integridad y disponibilidad del sistema. La vulnerabilidad es causada por una sanitizaci\u00f3n insuficiente del contenido renderizado por el componente MdEditor con el atributo \u0027previewOnly\u0027 habilitado. Espec\u00edficamente, la Tienda de Aplicaciones renderiza contenido README de la aplicaci\u00f3n sin la protecci\u00f3n XSS adecuada, permitiendo la ejecuci\u00f3n de scripts durante la renderizaci\u00f3n del contenido; y problemas similares existen en componentes relacionados con la actualizaci\u00f3n del sistema, los cuales pueden ser solucionados implementando una sanitizaci\u00f3n XSS adecuada en el componente MdEditor. Estas vulnerabilidades pueden ser mitigadas aplicando protecci\u00f3n y sanitizaci\u00f3n XSS adecuadas al renderizar contenido en el componente MdEditor. Las versiones seguras con un parche incorporado son v1.10.34-lts y v2.0.17."
    }
  ],
  "id": "CVE-2026-23525",
  "lastModified": "2026-03-13T14:29:08.653",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.5,
        "impactScore": 5.9,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2026-01-18T23:15:48.220",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-mg24-6h5c-9q42"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

