Koibox for versions prior to e8cbce2. This vulnerability allows an
authenticated attacker to upload an image containing malicious
JavaScript code as profile picture in the
'/es/dashboard/clientes/ficha/' endpoint
No analysis available yet.
No remediation available yet.
Tracking
Sign in to view the affected projects.
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2025-15815 | A Stored Cross-Site Scripting (XSS) vulnerability has been found in Koibox for versions prior to e8cbce2. This vulnerability allows an authenticated attacker to upload an image containing malicious JavaScript code as profile picture in the '/es/dashboard/clientes/ficha/' endpoint |
Tue, 20 May 2025 14:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Tue, 20 May 2025 10:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A Stored Cross-Site Scripting (XSS) vulnerability has been found in Koibox for versions prior to e8cbce2. This vulnerability allows an authenticated attacker to upload an image containing malicious JavaScript code as profile picture in the '/es/dashboard/clientes/ficha/' endpoint | |
| Title | Stored Cross-Site Scripting (XSS) in Koibox | |
| Weaknesses | CWE-79 | |
| References |
| |
| Metrics |
cvssV4_0
|
Subscriptions
No data.
Status: PUBLISHED
Assigner: INCIBE
Published:
Updated: 2025-05-20T13:19:41.492Z
Reserved: 2025-04-16T08:38:09.209Z
Link: CVE-2025-40633
Updated: 2025-05-20T13:19:18.859Z
Status : Deferred
Published: 2025-05-20T11:15:48.630
Modified: 2026-06-17T09:21:51.847
Link: CVE-2025-40633
No data.
OpenCVE Enrichment
No data.
-
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
EUVD