CVE-2026-23525
Stored XSS in 1Panel App Store MdEditor Allows Script Execution
Publication date: 2026-01-18
Last updated on: 2026-03-13
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| fit2cloud | 1panel | From 2.0.0 (inc) to 2.0.17 (exc) |
| fit2cloud | 1panel | to 1.10.34 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-23525 is a stored Cross-Site Scripting (XSS) vulnerability in the 1Panel App Store. It occurs because the MdEditor component does not properly sanitize content when rendering application README files, allowing malicious scripts embedded in application descriptions to execute in the user's browser. An attacker can publish a malicious application that, when viewed by users, executes arbitrary scripts. This can lead to theft of user cookies, unauthorized access to system functions, and compromise of the system's confidentiality, integrity, and availability. [1]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to execute malicious scripts in your browser when viewing application details in the 1Panel App Store. This can result in theft of user session cookies, unauthorized access to system functions, and potentially compromise the confidentiality, integrity, and availability of your system. Essentially, it can lead to unauthorized actions and data breaches within the affected system. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection involves checking if your 1Panel installation is running a vulnerable version (up to and including v1.10.33-lts and v2.0.16). You can verify the version by running commands to check the installed 1Panel version, such as `1panel --version` or inspecting the version in the application interface. Additionally, monitoring web traffic for suspicious scripts in the App Store application details or system upgrade pages may help identify exploitation attempts. However, no specific detection commands are provided in the available resources. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade 1Panel to a patched version that includes proper XSS sanitization in the MdEditor component. Specifically, update to version v1.10.34-lts or v2.0.17 or later. This will fix the stored Cross-Site Scripting vulnerability by ensuring safe rendering of user-controllable content. Until the upgrade is applied, avoid loading untrusted application details in the App Store and restrict user privileges to reduce risk. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability can lead to theft of user cookies and unauthorized access to system functions, compromising confidentiality, integrity, and availability of the system. Such compromises could negatively impact compliance with standards and regulations like GDPR and HIPAA, which require protection of sensitive data and system security. However, specific effects on compliance are not detailed in the provided resources. [1]