CVE-2026-14704
Severity CVSS v4.0:
LOW
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
05/07/2026
Last modified:
06/07/2026
Description
A vulnerability was found in stephen-kruger bluebox up to 4.5.12. Affected by this vulnerability is an unknown functionality. Performing a manipulation of the argument code results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report.
Impact
Base Score 4.0
2.10
Severity 4.0
LOW
Base Score 3.x
4.30
Severity 3.x
MEDIUM
Base Score 2.0
5.00
Severity 2.0
MEDIUM
References to Advisories, Solutions, and Tools
- https://github.com/stephen-kruger/bluebox/
- https://github.com/stephen-kruger/bluebox/issues/32
- https://github.com/stephen-kruger/bluebox/issues/32#issuecomment-4632135192
- https://vuldb.com/cve/CVE-2026-14704
- https://vuldb.com/submit/847357
- https://vuldb.com/vuln/376300
- https://vuldb.com/vuln/376300/cti



