{"uuid": "8306e09a-1be1-46f1-8077-ca43db988a7d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-40633", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16964", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-40633\n\ud83d\udd25 CVSS Score: 5.1 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N)\n\ud83d\udd39 Description: A Stored Cross-Site Scripting (XSS) vulnerability has been found in \nKoibox for versions prior to e8cbce2. This vulnerability allows an \nauthenticated attacker to upload an image containing malicious \nJavaScript code as profile picture in the \n'/es/dashboard/clientes/ficha/' endpoint\n\ud83d\udccf Published: 2025-05-20T10:17:00.222Z\n\ud83d\udccf Modified: 2025-05-20T10:17:00.222Z\n\ud83d\udd17 References:\n1. https://www.incibe.es/en/incibe-cert/notices/aviso/stored-cross-site-scripting-xss-koibox", "creation_timestamp": "2025-05-20T10:40:15.000000Z"}