Filtered by vendor Zucchetti
Subscriptions
Total
23 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-61431 | 1 Zucchetti | 2 Infinity Zucchetti, Zmaintenance Infinity | 2025-11-06 | 6.1 Medium |
| A reflected cross-site scripted (XSS) vulnerability in the /jsp/gsfr_feditorHTML.jsp endpoint of Zucchetti ZMaintenance Infinity and Infinity Zucchetti v4.1 and earlier allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into the pHtmlSource parameter. A vendor fix was released on 2025-06-18. | ||||
| CVE-2025-52180 | 1 Zucchetti | 1 Ad Hoc Infinity | 2025-11-04 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in Zucchetti Ad Hoc Infinity 4.2 and earlier allows remote unauthenticated attackers to inject arbitrary JavaScript via the pHtmlSource parameter of the /ahi/jsp/gsfr_feditorHTML.jsp?pHtmlSource endpoint. | ||||
| CVE-2025-52179 | 1 Zucchetti | 1 Ad Hoc Revolution | 2025-11-04 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in Zucchetti Ad Hoc Revolution 4.1 and earlier allows remote unauthenticated attackers to inject arbitrary JavaScript via the pHtmlSource parameter of the /ahrw/jsp/gsfr_feditorHTML.jsp endpoint. | ||||
| CVE-2024-51322 | 1 Zucchetti | 1 Ad Hoc Infinity | 2025-06-12 | 5.4 Medium |
| Cross Site Scripting vulnerability in Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution via the /jsp/home.jsp, /jsp/gsfr_feditorHTML.jsp, /servlet/SPVisualZoom, /jsp/gsmd_container.jsp components | ||||
| CVE-2024-51319 | 1 Zucchetti | 1 Ad Hoc Infinity | 2025-05-28 | 7.3 High |
| A local file include vulnerability in the /servlet/Report of Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution by uploading a jsp web/reverse shell through /jsp/zimg_upload.jsp. | ||||
| CVE-2024-51320 | 1 Zucchetti | 1 Ad Hoc Infinity | 2025-05-28 | 5.4 Medium |
| Cross Site Scripting vulnerability in Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution via the /servlet/gsdm_fsave_htmltmp, /servlet/gsdm_btlk_openfile components | ||||
| CVE-2024-51321 | 1 Zucchetti | 1 Ad Hoc Infinity | 2025-05-28 | 7.6 High |
| In Zucchetti Ad Hoc Infinity 2.4, an improper check on the m_cURL parameter allows an attacker to redirect the victim to an attacker-controlled website after the authentication. | ||||
| CVE-2023-42234 | 1 Zucchetti | 1 Helpdeskadvanced | 2025-04-17 | 5.4 Medium |
| Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Cross Site Request Forgery (CSRF) via the WSCView function. | ||||
| CVE-2023-42233 | 1 Zucchetti | 1 Helpdeskadvanced | 2025-04-17 | 6.1 Medium |
| Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Cross Site Scripting (XSS) via the Filter/FilterEditor function. | ||||
| CVE-2023-42232 | 1 Zucchetti | 1 Helpdeskadvanced | 2025-04-17 | 7.5 High |
| Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via the Navigator/Index function. | ||||
| CVE-2023-42231 | 1 Zucchetti | 1 Helpdeskadvanced | 2025-04-17 | 8.1 High |
| Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Incorrect Access Control. Low privileged users can delete admin users by sending a request to the "WSCView/Delete" function. | ||||
| CVE-2023-42230 | 1 Zucchetti | 1 Helpdeskadvanced | 2025-04-17 | 6.1 Medium |
| Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Cross Site Scripting (XSS) via the WSCView/Save function. | ||||
| CVE-2023-42229 | 1 Zucchetti | 1 Helpdeskadvanced | 2025-04-17 | 6.5 Medium |
| Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal. Arbitrary files can be created on the system via authenticated SOAP requests to the WSConnector service. | ||||
| CVE-2023-42228 | 1 Zucchetti | 1 Helpdeskadvanced | 2025-04-17 | 8.8 High |
| Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Incorrect Access Control. Low privileged users can edit their own ACL rules by sending a request to the "AclList/SaveAclRules" administrative function. | ||||
| CVE-2023-42227 | 1 Zucchetti | 1 Helpdeskadvanced | 2025-04-17 | 7.5 High |
| Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via the WSCView/Save function. | ||||
| CVE-2023-42226 | 1 Zucchetti | 1 Helpdeskadvanced | 2025-04-17 | 7.5 High |
| Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via Email/SaveAttachment function. | ||||
| CVE-2023-42225 | 1 Zucchetti | 1 Helpdeskadvanced | 2025-04-17 | 7.5 High |
| Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via the Attachment/DownloadTempFile function. | ||||
| CVE-2021-42369 | 1 Zucchetti | 1 Imagicle Uc Suite | 2024-11-21 | 9.9 Critical |
| Imagicle Application Suite (for Cisco UC) before 2021.Summer.2 allows SQL injection. A low-privileged user could inject a SQL statement through the "Export to CSV" feature of the Contact Manager web GUI. | ||||
| CVE-2019-18207 | 1 Zucchetti | 1 Infobusiness | 2024-11-21 | 5.4 Medium |
| In Zucchetti InfoBusiness before and including 4.4.1, an authenticated user can inject client-side code due to improper validation of the Title field in the InfoBusiness Web Component. The payload will be triggered every time a user browses the reports page. | ||||
| CVE-2019-18206 | 1 Zucchetti | 1 Infobusiness | 2024-11-21 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Zucchetti InfoBusiness before and including 4.4.1 allows arbitrary file upload. | ||||