Tuesday, December 16, 2025

blackbox.ai stored XSS vulnerability

I found a prompt injection stored cross-site-scripting vulnerability in blackbox.ai which can allow an attacker to inject XSS code, then share it with a victim to steal the victim's cookies while the victim's browser is currently authenticated to https://www.blackbox.ai.
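The root cause of this class of bug is a chat UI that drops model output into the page as markup, so whatever a prompt injection makes the model emit becomes stored script on the shared-conversation page. The following is an added example, written for this post and not code from blackbox.ai, that puts the unsafe rendering pattern beside its hardened form and adds a small audit helper for reviewing already-stored conversations. The `{role, content}` message shape, the share-page renderer and the sample conversation are all assumed for illustration; the sample deliberately uses benign HTML (a question about the `<b>` tag) so the example shows the sink without carrying a payload.

```javascript
// Added example (not blackbox.ai code): rendering untrusted model output on a
// shared-conversation page without creating a stored XSS sink.
// Assumption: the app stores messages as {role, content} and builds HTML for
// the share page on the client or server with string templates.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape the five characters that can change HTML context.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: model output is concatenated into markup unescaped, so
// any HTML the model was coaxed into producing is interpreted by the browser.
function renderMessageUnsafe(msg) {
  return `<div class="msg ${msg.role}">${msg.content}</div>`;
}

// Hardened pattern: the content is escaped, and the role (also attacker-
// influenced if it comes from stored data) is checked against an allow-list
// so it cannot smuggle attribute text into the class attribute.
const ALLOWED_ROLES = new Set(['user', 'assistant']);
function renderMessageSafe(msg) {
  const role = ALLOWED_ROLES.has(msg.role) ? msg.role : 'unknown';
  return `<div class="msg ${role}">${escapeHtml(msg.content)}</div>`;
}

// Render a whole conversation; defaults to the safe renderer.
function renderConversation(messages, render = renderMessageSafe) {
  return messages.map(render).join('\n');
}

// Audit helper for defenders: after the renderer is fixed, flag stored
// messages that contain markup so existing shared conversations can be
// reviewed. This is a coarse triage filter, not a sanitizer.
const MARKUP_PATTERN = /<\s*\/?\s*[a-z][^>]*>|javascript:/i;
function findMarkupInStored(messages) {
  return messages
    .map((m, i) => ({ index: i, role: m.role, hasMarkup: MARKUP_PATTERN.test(m.content) }))
    .filter((r) => r.hasMarkup);
}

// Constructed sample conversation: benign HTML in a coding question, which a
// correct renderer must display literally rather than interpret.
const SAMPLE = [
  { role: 'user', content: 'How do I write a <b>bold</b> tag in HTML?' },
  { role: 'assistant', content: 'Use <b>text</b>; the browser renders it bold.' },
];

// Stand-alone demo: compare both renderers on the sample conversation.
if (typeof require !== 'undefined' && require.main === module) {
  console.log('unsafe:\n' + renderConversation(SAMPLE, renderMessageUnsafe));
  console.log('safe:\n' + renderConversation(SAMPLE));
  console.log('stored messages containing markup:', findMarkupInStored(SAMPLE));
}
```

The escaping in `renderMessageSafe` is the actual fix; the audit helper only tells you which stored records deserve a look once the sink is closed. If the product intentionally renders Markdown from the model, the same rule applies one layer down: run the Markdown output through an HTML sanitizer before it reaches the DOM, and never use the unescaped string as an `innerHTML` value.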

https://www.blackbox.ai/share/576066de-6268-4dbd-8c51-3dd509eadba4
I reported this security vulnerability to gisele@blackbox.ai on October 2, 2025. They initially responded and said they would look into it. However, despite a series of consistent follow-ups, I never heard from them again.

[Update]
The issue has been fixed; I am waiting for more details.