14 matches found
CVE-2025-61431
CVE-2025-61431 is a reflected XSS in Zucchetti ZMaintenance Infinity (and Infinity Zucchetti) up to v4.1. The flaw arises from unvalidated input delivered to the /jsp/gsfr_feditorHTML.jsp endpoint, allowing an attacker to inject crafted payload into the pHtmlSource parameter and execute arbitrary...
CVE-2025-61431
A reflected cross-site scripted XSS vulnerability in the /jsp/gsfrfeditorHTML.jsp endpoint of Zucchetti ZMaintenance Infinity and Infinity Zucchetti v4.1 and earlier allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into the...
CVE-2025-61431
A reflected cross-site scripted XSS vulnerability in the /jsp/gsfrfeditorHTML.jsp endpoint of Zucchetti ZMaintenance Infinity and Infinity Zucchetti v4.1 and earlier allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into the...
CVE-2025-52179
Cross-site scripting XSS vulnerability in Zucchetti Ad Hoc Revolution 4.1 and earlier allows remote unauthenticated attackers to inject arbitrary JavaScript via the pHtmlSource parameter of the /ahrw/jsp/gsfrfeditorHTML.jsp endpoint...
EUVD-2025-37194
Cross-site scripting XSS vulnerability in Zucchetti Ad Hoc Revolution 4.1 and earlier allows remote unauthenticated attackers to inject arbitrary JavaScript via the pHtmlSource parameter of the /ahrw/jsp/gsfrfeditorHTML.jsp endpoint...
CVE-2025-52179
Cross-site scripting XSS vulnerability in Zucchetti Ad Hoc Revolution 4.1 and earlier allows remote unauthenticated attackers to inject arbitrary JavaScript via the pHtmlSource parameter of the /ahrw/jsp/gsfrfeditorHTML.jsp endpoint...
CVE-2025-52180
Cross-site scripting XSS vulnerability in Zucchetti Ad Hoc Infinity 4.2 and earlier allows remote unauthenticated attackers to inject arbitrary JavaScript via the pHtmlSource parameter of the /ahi/jsp/gsfrfeditorHTML.jsp?pHtmlSource endpoint...
CVE-2025-52180
Cross-site scripting XSS vulnerability in Zucchetti Ad Hoc Infinity 4.2 and earlier allows remote unauthenticated attackers to inject arbitrary JavaScript via the pHtmlSource parameter of the /ahi/jsp/gsfrfeditorHTML.jsp?pHtmlSource endpoint...
Zucchetti Ad Hoc Infinity 安全漏洞
Zucchetti Ad Hoc Infinity is an ERP software from Zucchetti. A security vulnerability exists in Zucchetti Ad Hoc Infinity 4.2 and earlier versions, which stems from an unvalidated pHtmlSource parameter that could lead to a cross-site scripting attack...
PT-2025-44444
Name of the Vulnerable Software and Affected Versions Zucchetti Ad Hoc Revolution versions 4.1 and earlier Description A cross-site scripting XSS issue exists in Zucchetti Ad Hoc Revolution. This allows attackers to inject arbitrary JavaScript code. The issue is present in the /ahrw/jsp/gsfr...
CVE-2025-52180
Cross-site scripting XSS vulnerability in Zucchetti Ad Hoc Infinity 4.2 and earlier allows remote unauthenticated attackers to inject arbitrary JavaScript via the pHtmlSource parameter of the /ahi/jsp/gsfrfeditorHTML.jsp?pHtmlSource endpoint...
CVE-2025-52179
CVE-2025-52179 is an XSS vulnerability in Zucchetti Ad Hoc Revolution 4.1 and earlier. It allows remote unauthenticated attackers to inject arbitrary JavaScript via the pHtmlSource parameter of the /ahrw/jsp/gsfr_feditorHTML.jsp endpoint. Affected software: Zucchetti Ad Hoc Revolution up to versi...
CVE-2025-52180
Cross-site scripting XSS vulnerability in Zucchetti Ad Hoc Infinity 4.2 and earlier allows remote unauthenticated attackers to inject arbitrary JavaScript via the pHtmlSource parameter of the /ahi/jsp/gsfrfeditorHTML.jsp?pHtmlSource endpoint...
PT-2025-44447
Name of the Vulnerable Software and Affected Versions Zucchetti Ad Hoc Infinity versions prior to 4.2 Description A cross-site scripting issue exists in Zucchetti Ad Hoc Infinity. This allows attackers to inject arbitrary JavaScript code. The issue is present in the /ahi/jsp/gsfr feditorHTML.jsp...