4 matches found
CVE-2025-61431
A reflected cross-site scripted XSS vulnerability in the /jsp/gsfrfeditorHTML.jsp endpoint of Zucchetti ZMaintenance Infinity and Infinity Zucchetti v4.1 and earlier allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into the...
PT-2025-45036
Name of the Vulnerable Software and Affected Versions Zucchetti ZMaintenance Infinity versions prior to 4.2 Zucchetti ZMaintenance Infinity Zucchetti version 4.1 Description A reflected cross-site scripting XSS issue exists in the /jsp/gsfr feditorHTML.jsp API endpoint of the software. This allow...
CVE-2025-61431
CVE-2025-61431 is a reflected XSS in Zucchetti ZMaintenance Infinity (and Infinity Zucchetti) up to v4.1. The flaw arises from unvalidated input delivered to the /jsp/gsfr_feditorHTML.jsp endpoint, allowing an attacker to inject crafted payload into the pHtmlSource parameter and execute arbitrary...
Zucchetti ZMaintenance Infinity 安全漏洞
Zucchetti ZMaintenance Infinity is an enterprise asset management and maintenance software from ZMaintenance, Italy. A security vulnerability exists in Zucchetti ZMaintenance Infinity v4.1 and earlier versions, which originates from an unverified input of the pHtmlSource parameter and could lead ...