CVE-2024-9198

Name of the Vulnerable Software and Affected Versions Clibo Manager version 1.1.9.1

Description The issue allows an attacker to execute a stored Cross-Site Scripting (XSS) attack by uploading a malicious .svg image in the Profile > Profile picture section. This could potentially affect a significant number of devices, although the exact number is not specified. There is no information provided about real-world incidents where this issue was exploited.

Recommendations For Clibo Manager version 1.1.9.1, consider disabling the ability to upload .svg images in the Profile > Profile picture section until a patch is available. Restrict access to the Profile picture upload feature to minimize the risk of exploitation. Avoid using the Profile picture upload feature until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.