Skip to main content

Bluebox

1 CVEs product

Monthly

CVE-2026-14704 LOW POC Monitor

Cross-site scripting in stephen-kruger bluebox up to version 4.5.12 allows remote attackers to inject and execute arbitrary JavaScript in victims' browsers by manipulating the 'code' argument in an unspecified function. The attack requires user interaction (CVSS 4.0 UI:P), meaning a victim must be induced to click a crafted link or visit a malicious page. A public exploit exists via a GitHub issue report, though no CISA KEV listing confirms active widespread exploitation. The CVSS 4.0 score of 2.1 reflects the constrained integrity-only impact and passive user-interaction requirement.

XSS Bluebox
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.3%
EPSS 0% CVSS 2.1
LOW POC Monitor

Cross-site scripting in stephen-kruger bluebox up to version 4.5.12 allows remote attackers to inject and execute arbitrary JavaScript in victims' browsers by manipulating the 'code' argument in an unspecified function. The attack requires user interaction (CVSS 4.0 UI:P), meaning a victim must be induced to click a crafted link or visit a malicious page. A public exploit exists via a GitHub issue report, though no CISA KEV listing confirms active widespread exploitation. The CVSS 4.0 score of 2.1 reflects the constrained integrity-only impact and passive user-interaction requirement.

XSS Bluebox
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy