2025-10-02 10:50:54
INCIBE
PUBLISHED
Stored XSS vulnerability in Creativeitem Sociopro due to lack of proper validation of user inputs via the endpoint /sociopro/profile/update_profile, affecting to name parameter via POST. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal his/her cookie session details.