CVE-2025-40663

CVE-2025-40663 describes a Stored Cross-Site Scripting (XSS) vulnerability in i2A-Cronos v23.02.01.17 (i2A). An authenticated attacker can upload a malicious SVG image into a user’s personal space at /CronosWeb/Modules/Persons/PersonalDocuments/PersonalDocuments, leading to script execution withi...