CVE-2026-25354

Name of the Vulnerable Software and Affected Versions skygroup Reebox versions prior to 1.4.8

Description The software contains a flaw due to improper neutralization of input during web page generation, leading to a Reflected Cross-site Scripting (XSS) condition. This allows for the injection of malicious scripts into web pages. The vulnerable component is susceptible to attacks where an attacker can inject arbitrary web scripts.

Recommendations Update skygroup Reebox to version 1.4.8 or later.