CVE-2025-40633
Stored Cross-Site Scripting (XSS) in Koibox
We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
Stored Cross-Site Scripting (XSS) in Koibox
A Stored Cross-Site Scripting (XSS) vulnerability has been found in Koibox for versions prior to e8cbce2. This vulnerability allows an authenticated attacker to upload an image containing malicious JavaScript code as profile picture in the '/es/dashboard/clientes/ficha/' endpoint
Reserved 2025-04-16 | Published 2025-05-20 | Updated 2025-05-20 | Assigner INCIBECWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
www.incibe.es/...viso/stored-cross-site-scripting-xss-koibox
Support options
