CVE-2025-61431

A reflected cross-site scripted XSS vulnerability in the /jsp/gsfrfeditorHTML.jsp endpoint of Zucchetti ZMaintenance Infinity and Infinity Zucchetti v4.1 and earlier allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into the...

CVE-2025-61431

CVE-2025-61431 is a reflected XSS in Zucchetti ZMaintenance Infinity (and Infinity Zucchetti) up to v4.1. The flaw arises from unvalidated input delivered to the /jsp/gsfr_feditorHTML.jsp endpoint, allowing an attacker to inject crafted payload into the pHtmlSource parameter and execute arbitrary...

PT-2024-20859 · Unknown · 3Dsecure 2.0

Name of the Vulnerable Software and Affected Versions: 3DSecure 2.0 version 3DS Authorization Method Description: The issue concerns multiple reflected Cross-Site Scripting XSS vulnerabilities in the 3DS Authorization Method of 3DSecure 2.0. This vulnerability allows reflected XSS via the...

CVE-2018-19811

Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 build 51029. The page "/VPortal/mgtconsole/Import.jsp" has reflected XSS via the ConnPoolName parameter...