Impact
The vulnerability resides in the Markdown rendering engine of the MaxKB AI assistant, where user-supplied content can be processed via eval, leading to stored XSS. Attackers can inject document-modifying or otherwise malicious JavaScript that executes in the browser of any user who views the rendered content, potentially exposing session cookies or personal data, or enabling further malicious actions. This flaw is a classic combination of stored XSS (CWE-79) and eval injection (CWE-95).
Affected Systems
MaxKB, an open-source AI assistant for businesses, is affected in versions 2.7.1 and earlier. The issue was addressed in release 2.8.0. Administrators and any other users interacting with the chat interface while a vulnerable version is in use are at risk.
Risk and Exploitability
With a CVSS score of 6.9, the vulnerability poses a moderate to high threat level. EPSS data is not available and the flaw is not listed in CISA's KEV catalog, so current exploitation prevalence is unclear. Nonetheless, because any chat participant can embed the malicious content and the payload is stored for subsequent views, the risk is significant. Exploitation requires no privileged access beyond normal chat usage; the attacker only needs the ability to submit content that the system renders. Because the attack is stored, subsequent victims automatically run the malicious script without any further action on their part.
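To make the CWE-95/CWE-79 combination described above concrete, the following is an added illustration and not MaxKB's code: a hypothetical Markdown extension whose fenced-block header carries options. The unsafe renderer parses that header with eval and interpolates the result unescaped; the hardened one accepts only JSON data, allowlists the keys it expects, and HTML-escapes every value.

```javascript
// Added illustrative example, not MaxKB's implementation. A hypothetical
// Markdown extension where a fenced block carries an options header, e.g.
//   ```chart {"title": "Sales"}
// and the renderer turns that header into an HTML element.

// Vulnerable pattern (CWE-95 + CWE-79): the header, which is user-supplied
// chat content, is executed as JavaScript and its result is emitted raw.
function renderOptionsUnsafe(header) {
  const opts = eval('(' + header + ')'); // user text runs as code
  return '<div class="chart" title="' + opts.title + '"></div>';
}

// Hardened pattern: parse data only (JSON.parse never executes code),
// keep only expected keys of the expected type, escape before output.
const ALLOWED_KEYS = new Set(['title']);

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

function renderOptionsSafe(header) {
  let parsed;
  try {
    parsed = JSON.parse(header);
  } catch {
    // Not valid JSON (e.g. a JS expression): show it as escaped text instead.
    return '<pre>' + escapeHtml(header) + '</pre>';
  }
  if (typeof parsed !== 'object' || parsed === null || Array.isArray(parsed)) {
    return '<pre>' + escapeHtml(header) + '</pre>';
  }
  const opts = {};
  for (const [key, val] of Object.entries(parsed)) {
    if (ALLOWED_KEYS.has(key) && typeof val === 'string') {
      opts[key] = escapeHtml(val);
    }
  }
  return '<div class="chart" title="' + (opts.title ?? '') + '"></div>';
}

// Constructed sample headers: the first is a JS expression, not JSON; the
// second is JSON whose value carries HTML metacharacters and an unexpected key.
const SAMPLE_EXPRESSION = '{ title: "Sales" + "!" }';
const SAMPLE_JSON = '{"title": "a\\"b<c>", "onload": "x"}';
```

The unsafe renderer evaluates the expression header (the title becomes "Sales!"), which is the behaviour that lets arbitrary user JavaScript run; the safe renderer refuses it and escapes the metacharacters in the JSON case.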
OpenCVE Enrichment