exploitDog

GHSA-w3h9-r78g-92j8

Опубликовано: 30 окт. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 6.1

Описание

Cross-site scripting (XSS) vulnerability in Zucchetti Ad Hoc Infinity 4.2 and earlier allows remote unauthenticated attackers to inject arbitrary JavaScript via the pHtmlSource parameter of the /ahi/jsp/gsfr_feditorHTML.jsp?pHtmlSource endpoint.

Cross-site scripting (XSS) vulnerability in Zucchetti Ad Hoc Infinity 4.2 and earlier allows remote unauthenticated attackers to inject arbitrary JavaScript via the pHtmlSource parameter of the /ahi/jsp/gsfr_feditorHTML.jsp?pHtmlSource endpoint.

Ссылки

EPSS

Процентиль: 17%

0.00055

Низкий

6.1 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2025-52180

CVSS3: 6.1

nvd

3 месяца назад

Cross-site scripting (XSS) vulnerability in Zucchetti Ad Hoc Infinity 4.2 and earlier allows remote unauthenticated attackers to inject arbitrary JavaScript via the pHtmlSource parameter of the /ahi/jsp/gsfr_feditorHTML.jsp?pHtmlSource endpoint.

EPSS

Процентиль: 17%

0.00055

Низкий

6.1 Medium

CVSS3

CVE ID

Дефекты

CWE-79