CVE-2025-40633

Vulnerability Description

A Stored Cross-Site Scripting (XSS) vulnerability has been found in Koibox for versions prior to e8cbce2. This vulnerability allows an authenticated attacker to upload an image containing malicious JavaScript code as profile picture in the '/es/dashboard/clientes/ficha/' endpoint

Related Weaknesses (CWE)

CWE-79

References

https://www.incibe.es/en/incibe-cert/notices/aviso/stored-cross-site-scripting-x

FAQ

What is CVE-2025-40633?

CVE-2025-40633 is a documented vulnerability. A Stored Cross-Site Scripting (XSS) vulnerability has been found in Koibox for versions prior to e8cbce2. This vulnerability allows an authenticated attacker to upload an image containing malicious ...

How severe is CVE-2025-40633?

CVSS scoring is not yet available for CVE-2025-40633. Check NVD for updates.

Is there a patch for CVE-2025-40633?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.