CVE-2026-14704
Gravedad CVSS v4.0:
BAJA
Tipo:
CWE-79
Neutralización incorrecta de la entrada durante la generación de la página web (Cross-site Scripting)
Fecha de publicación:
05/07/2026
Última modificación:
05/07/2026
Descripción
*** Pendiente de traducción *** A vulnerability was found in stephen-kruger bluebox up to 4.5.12. Affected by this vulnerability is an unknown functionality. Performing a manipulation of the argument code results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report.
Impacto
Puntuación base 4.0
2.10
Gravedad 4.0
BAJA
Puntuación base 3.x
4.30
Gravedad 3.x
MEDIA
Puntuación base 2.0
5.00
Gravedad 2.0
MEDIA
Referencias a soluciones, herramientas e información
- https://github.com/stephen-kruger/bluebox/
- https://github.com/stephen-kruger/bluebox/issues/32
- https://github.com/stephen-kruger/bluebox/issues/32#issuecomment-4632135192
- https://vuldb.com/cve/CVE-2026-14704
- https://vuldb.com/submit/847357
- https://vuldb.com/vuln/376300
- https://vuldb.com/vuln/376300/cti



