PatchSiren cyber security CVE debrief
CVE-2026-48885 Groundhogg CVE debrief
CVE-2026-48885 is a HIGH-severity unauthenticated Cross-Site Scripting (XSS) vulnerability in HollerBox versions up to 2.3.10.1. The vulnerability has a CVSS score of 7.1 and was published on 2026-06-15 ([CVE record](https://www.cve.org/CVERecord?id=CVE-2026-48885)).
- Vendor: Groundhogg
- Product: HollerBox
- CVSS: HIGH 7.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-15
- Original CVE updated: 2026-06-15
- Advisory published: 2026-06-15
- Advisory updated: 2026-06-15
Who should care
Users of HollerBox versions up to 2.3.10.1 should apply patches or mitigations as soon as possible to prevent exploitation.
Technical summary
The vulnerability is caused by improper input validation in HollerBox, allowing unauthenticated attackers to inject malicious scripts. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L.
Defensive priority
HIGH
Recommended defensive actions
- Apply patches or updates to HollerBox installations running version 2.3.10.1 or earlier as soon as possible.
- Review and restrict user input to prevent malicious script injection.
Evidence notes
Evidence for this vulnerability comes from Patchstack and the National Vulnerability Database (NVD).
Official resources
- CVE-2026-48885 CVE record (CVE.org)
- CVE-2026-48885 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference
CVE-2026-48885 was published on 2026-06-15T21:17:17.730Z and modified on 2026-06-15T21:24:32.790Z.