Security Advisory

CVE-2025-40663

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-05-26 12:55:30

Last updated 2025-05-27 14:12:00

Assigner INCIBE

State PUBLISHED

Description

Stored Cross-Site Scripting (XSS) vulnerability in i2A-Cronos version 23.02.01.17, from i2A. It allows an authenticated attacker to upload a malicious SVG image into the users personal space in /CronosWeb/Modules/Persons/PersonalDocuments/PersonalDocuments. There is no reported fix at this time.

← Browse all CVEs View on cve.org ↗