CVE-2025-61431

A reflected cross-site scripted XSS vulnerability in the /jsp/gsfrfeditorHTML.jsp endpoint of Zucchetti ZMaintenance Infinity and Infinity Zucchetti v4.1 and earlier allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into the...

PT-2025-45036

Name of the Vulnerable Software and Affected Versions Zucchetti ZMaintenance Infinity versions prior to 4.2 Zucchetti ZMaintenance Infinity Zucchetti version 4.1 Description A reflected cross-site scripting XSS issue exists in the /jsp/gsfr feditorHTML.jsp API endpoint of the software. This allow...

CVE-2025-52180

Summary: CVE-2025-52180 is a cross-site scripting (XSS) flaw in Zucchetti Ad Hoc Infinity 4.2 and earlier. The issue arises from an unvalidated pHtmlSource parameter at the endpoint /ahi/jsp/gsfr_feditorHTML.jsp?pHtmlSource, enabling remote, unauthenticated attackers to inject arbitrary JavaScrip...

CVE-2025-52179

Cross-site scripting XSS vulnerability in Zucchetti Ad Hoc Revolution 4.1 and earlier allows remote unauthenticated attackers to inject arbitrary JavaScript via the pHtmlSource parameter of the /ahrw/jsp/gsfrfeditorHTML.jsp endpoint...