CVE-2024-9198
HIGHClibo Manager 1.1.9.1 - Stored Cross-Site Scripting via SVG Profile Picture Upload
Title source: llmDescription
Vulnerability in Clibo Manager v1.1.9.1 that could allow an attacker to execute an stored Cross-Site Scripting (stored XSS ) by uploading a malicious .svg image in the section: Profile > Profile picture.
References (1)
Core 1
Core References
Scores
CVSS v3
7.6
EPSS
0.0024
EPSS Percentile
15.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (1)
clibomanager/clibo_manager
1.1.9.1
Published
Sep 26, 2024
Tracked Since
Feb 18, 2026