CVE-2025-40633 – Koibox Stored Cross-Site Scripting (XSS)

CVE ID : CVE-2025-40633

Published : May 20, 2025, 11:15 a.m. | 1 hour, 54 minutes ago

Description : A Stored Cross-Site Scripting (XSS) vulnerability has been found in
Koibox for versions prior to e8cbce2. This vulnerability allows an
authenticated attacker to upload an image containing malicious
JavaScript code as profile picture in the
‘/es/dashboard/clientes/ficha/’ endpoint

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…