CVE-2026-14704

Summary

A vulnerability was found in stephen-kruger bluebox up to 4.5.12. Affected by this vulnerability is an unknown functionality. Performing a manipulation of the argument code results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report.

Affected Software

VendorProductVersion RangeStatus
stephen-krugerbluebox4.5.0affected
stephen-krugerbluebox4.5.1affected
stephen-krugerbluebox4.5.2affected
stephen-krugerbluebox4.5.3affected
stephen-krugerbluebox4.5.4affected
stephen-krugerbluebox4.5.5affected
stephen-krugerbluebox4.5.6affected
stephen-krugerbluebox4.5.7affected
stephen-krugerbluebox4.5.8affected
stephen-krugerbluebox4.5.9affected
stephen-krugerbluebox4.5.10affected
stephen-krugerbluebox4.5.11affected
stephen-krugerbluebox4.5.12affected

Weaknesses

  • CWE-79: Cross Site Scripting
  • CWE-94: Code Injection

References