CVE-2026-41472
Published 2026-04-24
Priority: P3 · 35 · CVSS 3.1: 6.1 (medium)
Vector: AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
EPSS: 0.50% (39.2nd percentile)
CyberPanel versions prior to 2.4.4 contain a stored cross-site scripting vulnerability in the AI Scanner dashboard where the POST /api/ai-scanner/callback endpoint lacks authentication and allows unauthenticated attackers to inject malicious JavaScript by overwriting the findings_json field of ScanHistory records. Attackers can inject JavaScript that executes in an administrator's authenticated session when they visit the AI Scanner dashboard, allowing them to issue same-origin requests to plant cron jobs and achieve remote code execution on the server.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cyberpanel | cyberpanel | < 2.4.4 | 2.4.4 |
| usmannasir | cyberpanel | < 2.4.4 | 2.4.4 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| NVD | 4.0 | 5.3 | MEDIUM | CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
VulDB: usmannasir cyberpanel up to 2.4.3 AI Scanner Dashboard findings_json cross-site scripting (vuldb · 2026-04-25 · CVE-2026-41472 · MEDIUM · CVSS 5.3)
A vulnerability classified as problematic has been found in usmannasir cyberpanel up to 2.4.3. The impacted element is an unknown function of the component AI Scanner Dashboard. This manipulation of the argument findings_json causes cross-site scripting.
This vulnerability is registered as CVE-2026-41472. Remote exploitation of the attack is possible. No exploit is available.
It is recommended to upgrade the affected component.
GHSA: GHSA-7jgx-wx3x-3fp3: CyberPanel versions prior to 2 (ghsa_unreviewed · 2026-04-24 · CVE-2026-41472 · MEDIUM · CWE-79)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.