{"id":63374,"date":"2025-05-20T17:32:20","date_gmt":"2025-05-20T14:02:20","guid":{"rendered":"https:\/\/afaghhosting.net\/blog\/cve-2025-40633-koibox-stored-cross-site-scripting-xss\/"},"modified":"2025-05-20T17:32:20","modified_gmt":"2025-05-20T14:02:20","slug":"cve-2025-40633-koibox-stored-cross-site-scripting-xss","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/cve-2025-40633-koibox-stored-cross-site-scripting-xss\/","title":{"rendered":"CVE-2025-40633 &#8211; Koibox Stored Cross-Site Scripting (XSS)"},"content":{"rendered":"<p><strong>CVE ID : <\/strong>CVE-2025-40633<br \/>\n<br \/>\n<strong>Published : <\/strong> May 20, 2025, 11:15 a.m. | 1\u00a0hour, 54\u00a0minutes ago<br \/>\n<br \/>\n<strong>Description : <\/strong>A Stored Cross-Site Scripting (XSS) vulnerability has been found in<br \/>\nKoibox for versions prior to e8cbce2. This vulnerability allows an<br \/>\nauthenticated attacker to upload an image containing malicious<br \/>\nJavaScript code as profile picture in the<br \/>\n&#8216;\/es\/dashboard\/clientes\/ficha\/&#8217; endpoint<br \/>\n<br \/>\n<strong>Severity:<\/strong> 0.0 | NA<br \/>\n<br \/>\nVisit the link for more details, such as CVSS details, affected products, timeline, and more&#8230;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CVE ID : CVE-2025-40633 Published : May 20, 2025, 11:15 a.m. | 1\u00a0hour, 54\u00a0minutes ago Description : A Stored Cross-Site Scripting (XSS) vulnerability has been found in Koibox for versions prior to e8cbce2. This vulnerability allows an authenticated attacker to upload an image containing malicious JavaScript code as profile picture in the &#8216;\/es\/dashboard\/clientes\/ficha\/&#8217; endpoint Severity: &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-63374","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/63374","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=63374"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/63374\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=63374"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=63374"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=63374"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}