CVE-2025-61431
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-04

Last updated on: 2026-02-04

Assigner: MITRE

Description
A reflected cross-site scripted (XSS) vulnerability in the /jsp/gsfr_feditorHTML.jsp endpoint of Zucchetti ZMaintenance Infinity and Infinity Zucchetti v4.1 and earlier allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into the pHtmlSource parameter. A vendor fix was released on 2025-06-18.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-04
Last Modified
2026-02-04
Generated
2026-05-07
AI Q&A
2025-11-04
EPSS Evaluated
2026-05-05
NVD
CVE-2025-61431
EUVD
EUVD-2025-37837
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
zucchetti zmaintenance_infinity 4.1
zucchetti infinity_zmaintenance to 4.1 (exc)
zucchetti infinity_zucchetti to 4.1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a reflected cross-site scripting (XSS) issue in the /jsp/gsfr_feditorHTML.jsp endpoint of Zucchetti ZMaintenance Infinity v4.1. It allows attackers to inject malicious JavaScript code into the pHtmlSource parameter, which then executes in the browser of a user who visits the affected page.


How can this vulnerability impact me? :

An attacker exploiting this vulnerability can execute arbitrary JavaScript in the context of a user's browser, potentially leading to theft of session cookies, user impersonation, defacement, or redirection to malicious sites, thereby compromising user data and security.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart