A vulnerability has been found in vapor leaf-kit up to 1.14.1 and classified as problematic . This impacts an unknown function. Performing a manipulation results in cross site scripting. This vulnerability is cataloged as CVE-2026-28499 . It is possible to initiate the attack remotely. There is no exploit available. The affected component should be upgraded.