CVE-2025-40633
Stored Cross-Site Scripting (XSS) in Koibox
A Stored Cross-Site Scripting (XSS) vulnerability has been found in
Koibox for versions prior to e8cbce2. This vulnerability allows an
authenticated attacker to upload an image containing malicious
JavaScript code as profile picture in the
'/es/dashboard/clientes/ficha/' endpoint
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Affected products
Koibox · KoiboxWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →