CVE-2024-9198

HIGH

Clibo Manager 1.1.9.1 - Stored Cross-Site Scripting via SVG Profile Picture Upload

Title source: llm
STIX 2.1

Description

Vulnerability in Clibo Manager v1.1.9.1 that could allow an attacker to execute an stored Cross-Site Scripting (stored XSS ) by uploading a malicious .svg image in the section: Profile > Profile picture.

Scores

CVSS v3 7.6
EPSS 0.0024
EPSS Percentile 15.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
clibomanager/clibo_manager 1.1.9.1
Published Sep 26, 2024
Tracked Since Feb 18, 2026