CVE-2025-40633 – Koibox Stored Cross-Site Scripting (XSS)

May 20, 2025

CVE ID : CVE-2025-40633

Published : May 20, 2025, 11:15 a.m. | 52 minutes ago

Description : A Stored Cross-Site Scripting (XSS) vulnerability has been found in
Koibox for versions prior to e8cbce2. This vulnerability allows an
authenticated attacker to upload an image containing malicious
JavaScript code as profile picture in the
‘/es/dashboard/clientes/ficha/’ endpoint

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-40634 – TP-Link Archer AX50 Router Stack-based Buffer Overflow Vulnerability

Next Article CVE-2025-37892 – Linux Kernel MTD INFTL Buffer Overflow

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

Helldivers 2: Heart of Democracy update is live, and you need to jump in to save Super Earth from the Illuminate

Qualcomm’s new Adreno Control Panel will let you fine-tune the GPU for certain games on Snapdragon X Elite devices

Samsung takes on LG’s best gaming TVs — adds NVIDIA G-SYNC support to 2025 flagship

The biggest unanswered questions about Xbox’s next-gen consoles

HCL Commerce V9.1 – The Power of HCL Commerce Search

HCL Commerce V9.1 – The Power of HCL Commerce Search

Community News: Latest PECL Releases (05.20.2025)

Getting Started with Personalization in Sitecore XM Cloud: Enable, Extend, and Execute

Helldivers 2: Heart of Democracy update is live, and you need to jump in to save Super Earth from the Illuminate

Helldivers 2: Heart of Democracy update is live, and you need to jump in to save Super Earth from the Illuminate

Qualcomm’s new Adreno Control Panel will let you fine-tune the GPU for certain games on Snapdragon X Elite devices

Samsung takes on LG’s best gaming TVs — adds NVIDIA G-SYNC support to 2025 flagship

CVE-2025-40633 – Koibox Stored Cross-Site Scripting (XSS)

Nmap 7.96 Launches with Lightning-Fast DNS and 612 Scripts

CVE-2025-5011 – MoonlightL Hexo-Boot Cross-Site Scripting Vulnerability

CVE-2025-33025 – RUGGEDCOM ROX Command Injection Vulnerability

Black Forest Labs Release FLUX.1 Tools: A Suite of AI Models Designed to Add Control and Steerability to the Base Text-to-Image Model FLUX.1

Mail & Calendar is dead, left inoperable by Microsoft, but this clone of the app lives

Tucano: A Series of Decoder-Transformers Natively Pre-Trained in Portuguese

How to Market and Monetize Adobe Express Add-ons

Site Update – An Apology and a Brighter Future

Microsoft makes so little money in China that itâ€™s closing stores & focusing online instead

Le notizie minori del mondo GNU/Linux e dintorni della settimana nr 14/2025

CVE-2025-40633 – Koibox Stored Cross-Site Scripting (XSS)

Related Posts