CVE-2025-40663
Our Analysis: General-Purpose
Our model has classified this vulnerability as relevant to General-Purpose Systems, helping your team prioritize efforts effectively.
Published Date
May 26, 2025
Last Modified
May 28, 2025
CVSS Vector
Not Available
Description
Stored Cross-Site Scripting (XSS) vulnerability in i2A-Cronos version 23.02.01.17, from i2A. It allows an authenticated attacker to upload a malicious SVG image into the user's personal space in /CronosWeb/Modules/Persons/PersonalDocuments/PersonalDocuments.
There is no reported fix at this time.