exploitDog

CVE-2025-40663

Опубликовано: 26 мая 2025

Источник: nvd

EPSS Низкий

Описание

Stored Cross-Site Scripting (XSS) vulnerability in i2A-Cronos version 23.02.01.17, from i2A. It allows an authenticated attacker to upload a malicious SVG image into the user's personal space in /CronosWeb/Modules/Persons/PersonalDocuments/PersonalDocuments. There is no reported fix at this time.

Ссылки

https://www.incibe.es/en/incibe-cert/notices/aviso/stored-cross-site-scripting-xss-i2a-cronos-i2a

EPSS

Процентиль: 19%

0.0006

Низкий

Дефекты

CWE-79

Связанные уязвимости

GHSA-jwv4-36xj-9f72

github

9 месяцев назад

Stored Cross-Site Scripting (XSS) vulnerability in i2A-Cronos version 23.02.01.17, from i2A. It allows an authenticated attacker to upload a malicious SVG image into the user's personal space in /CronosWeb/Modules/Persons/PersonalDocuments/PersonalDocuments. There is no reported fix at this time.

EPSS

Процентиль: 19%

0.0006

Низкий

Дефекты

CWE-79