CVE-2025-40633

May 20, 2025 invoker category_cve

CVE Details

Basic Information

Title CVE-2025-40633
Type cve
Published 2025-05-20T11:15:48
Last Seen 2025-05-20T11:21:02

CVSS Information

Base Score 0.0 ()
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact

AI Analysis

AI Description A Stored Cross-Site Scripting (XSS) vulnerability was found in Koibox versions prior to e8cbce2. It allows authenticated attackers to upload malicious images as profile pictures, potentially executing arbitrary JavaScript code in the victim’s browser when the image is viewed.
AI Severity Medium
Vendor Koibox
Product Koibox
Affected Version prior to e8cbce2

Additional Information

CVE List CVE-2025-40633
CWE List CWE-79
Bulletin Family cve

Description

A Stored Cross-Site Scripting (XSS) vulnerability has been found in Koibox for versions prior to e8cbce2. This vulnerability allows an authenticated attacker to upload an image containing malicious JavaScript code as profile picture in the…

CVSS Score Summary

Base Score: %!f(string=#) ()

View Full CVE Details

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.