Skip to main content

Reebox

1 CVEs product

Monthly

CVE-2026-25354 HIGH PATCH This Week

A reflected Cross-Site Scripting (XSS) vulnerability exists in the skygroup Reebox WordPress theme due to improper neutralization of user input during web page generation. This vulnerability affects Reebox versions prior to 1.4.8, allowing attackers to inject malicious scripts that execute in the context of a victim's browser when they click a crafted link. While CVSS and EPSS scores are not publicly available, the CWE-79 classification and Patchstack reporting indicate this is a confirmed, real vulnerability with active disclosure through the EUVD database (EUVD-2026-15671).

XSS Reebox
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
EPSS 0% CVSS 7.1
HIGH PATCH This Week

A reflected Cross-Site Scripting (XSS) vulnerability exists in the skygroup Reebox WordPress theme due to improper neutralization of user input during web page generation. This vulnerability affects Reebox versions prior to 1.4.8, allowing attackers to inject malicious scripts that execute in the context of a victim's browser when they click a crafted link. While CVSS and EPSS scores are not publicly available, the CWE-79 classification and Patchstack reporting indicate this is a confirmed, real vulnerability with active disclosure through the EUVD database (EUVD-2026-15671).

XSS Reebox
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy