
Zucchetti


22 CVEs • 7 products

Products (7)


CVEs (22)

CVE | VENDORS | PRODUCTS | UPDATED | PUBLISHED | CVSS

Vendors (1): Zucchetti
Products (2): Infinity Zmaintenance, Infinity Zucchetti
Updated: Feb 4, 2026
Published: Nov 4, 2025
CVSS: N/A (v4), 6.1 MEDIUM (v3), N/A (v2)
A reflected cross-site scripting (XSS) vulnerability in the /jsp/gsfr_feditorHTML.jsp endpoint of Zucchetti ZMaintenance Infinity and Infinity Zucchetti v4.1 and earlier allows attackers to execute arbitrary JavaScript in the context of a user's browser via injecting a crafted payload into the pHtmlSource parameter. A vendor fix was released on 2025-06-18.

Vendors (1): Zucchetti
Products (1): Ad Hoc Infinity
Updated: Dec 22, 2025
Published: Oct 30, 2025
CVSS: N/A (v4), 6.1 MEDIUM (v3), N/A (v2)
Cross-site scripting (XSS) vulnerability in Zucchetti Ad Hoc Infinity 4.2 and earlier allows remote unauthenticated attackers to inject arbitrary JavaScript via the pHtmlSource parameter of the /ahi/jsp/gsfr_feditorHTML.jsp?pHtmlSource endpoint.

Vendors (1): Zucchetti
Products (1): Ad Hoc Infinity
Updated: Jun 12, 2025
Published: Mar 11, 2025
CVSS: N/A (v4), 5.4 MEDIUM (v3), N/A (v2)
Cross Site Scripting vulnerability in Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution via the /jsp/home.jsp, /jsp/gsfr_feditorHTML.jsp, /servlet/SPVisualZoom, /jsp/gsmd_container.jsp components

Vendors (1): Zucchetti
Products (1): Ad Hoc Infinity
Updated: May 28, 2025
Published: Mar 11, 2025
CVSS: N/A (v4), 7.6 HIGH (v3), N/A (v2)
In Zucchetti Ad Hoc Infinity 2.4, an improper check on the m_cURL parameter allows an attacker to redirect the victim to an attacker-controlled website after the authentication.

Vendors (1): Zucchetti
Products (1): Ad Hoc Infinity
Updated: May 28, 2025
Published: Mar 11, 2025
CVSS: N/A (v4), 5.4 MEDIUM (v3), N/A (v2)
Cross Site Scripting vulnerability in Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution via the /servlet/gsdm_fsave_htmltmp, /servlet/gsdm_btlk_openfile components

Vendors (1): Zucchetti
Products (1): Ad Hoc Infinity
Updated: May 28, 2025
Published: Mar 11, 2025
CVSS: N/A (v4), 7.3 HIGH (v3), N/A (v2)
A local file include vulnerability in the /servlet/Report of Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution by uploading a jsp web/reverse shell through /jsp/zimg_upload.jsp.

Vendors (1): Zucchetti
Products (1): Helpdeskadvanced
Updated: Apr 17, 2025
Published: Jan 13, 2025
CVSS: N/A (v4), 5.4 MEDIUM (v3), N/A (v2)
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Cross Site Request Forgery (CSRF) via the WSCView function.

Vendors (1): Zucchetti
Products (1): Helpdeskadvanced
Updated: Apr 17, 2025
Published: Jan 13, 2025
CVSS: N/A (v4), 6.1 MEDIUM (v3), N/A (v2)
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Cross Site Scripting (XSS) via the Filter/FilterEditor function.

Vendors (1): Zucchetti
Products (1): Helpdeskadvanced
Updated: Apr 17, 2025
Published: Jan 13, 2025
CVSS: N/A (v4), 7.5 HIGH (v3), N/A (v2)
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via the Navigator/Index function.

Vendors (1): Zucchetti
Products (1): Helpdeskadvanced
Updated: Apr 17, 2025
Published: Jan 13, 2025
CVSS: N/A (v4), 8.1 HIGH (v3), N/A (v2)
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Incorrect Access Control. Low privileged users can delete admin users by sending a request to the "WSCView/Delete" function.

Vendors (1): Zucchetti
Products (1): Helpdeskadvanced
Updated: Apr 17, 2025
Published: Jan 13, 2025
CVSS: N/A (v4), 6.1 MEDIUM (v3), N/A (v2)
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Cross Site Scripting (XSS) via the WSCView/Save function.

Vendors (1): Zucchetti
Products (1): Helpdeskadvanced
Updated: Apr 17, 2025
Published: Jan 13, 2025
CVSS: N/A (v4), 6.5 MEDIUM (v3), N/A (v2)
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal. Arbitrary files can be created on the system via authenticated SOAP requests to the WSConnector service.

Vendors (1): Zucchetti
Products (1): Helpdeskadvanced
Updated: Apr 17, 2025
Published: Jan 13, 2025
CVSS: N/A (v4), 8.8 HIGH (v3), N/A (v2)
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Incorrect Access Control. Low privileged users can edit their own ACL rules by sending a request to the "AclList/SaveAclRules" administrative function.

Vendors (1): Zucchetti
Products (1): Helpdeskadvanced
Updated: Apr 17, 2025
Published: Jan 13, 2025
CVSS: N/A (v4), 7.5 HIGH (v3), N/A (v2)
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via the WSCView/Save function.

Vendors (1): Zucchetti
Products (1): Helpdeskadvanced
Updated: Apr 17, 2025
Published: Jan 13, 2025
CVSS: N/A (v4), 7.5 HIGH (v3), N/A (v2)
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via the Email/SaveAttachment function.

Vendors (1): Zucchetti
Products (1): Helpdeskadvanced
Updated: Apr 17, 2025
Published: Jan 13, 2025
CVSS: N/A (v4), 7.5 HIGH (v3), N/A (v2)
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via the Attachment/DownloadTempFile function.

Vendors (1): Zucchetti
Products (1): Imagicle Uc Suite
Updated: Nov 21, 2024
Published: Oct 14, 2021
CVSS: N/A (v4), 8.8 HIGH (v3), 6.5 MEDIUM (v2)
Imagicle Application Suite (for Cisco UC) before 2021.Summer.2 allows SQL injection. A low-privileged user could inject a SQL statement through the "Export to CSV" feature of the Contact Manager web GUI.

Vendors (1): Zucchetti
Products (1): Infobusiness
Updated: Nov 21, 2024
Published: Oct 30, 2019
CVSS: N/A (v4), 5.4 MEDIUM (v3), 3.5 LOW (v2)
In Zucchetti InfoBusiness before and including 4.4.1, an authenticated user can inject client-side code due to improper validation of the Title field in the InfoBusiness Web Component. The payload will be triggered every time a user browses the reports page.

Vendors (1): Zucchetti
Products (1): Infobusiness
Updated: Nov 21, 2024
Published: Oct 30, 2019
CVSS: N/A (v4), 8.8 HIGH (v3), 6.8 MEDIUM (v2)
A cross-site request forgery (CSRF) vulnerability in Zucchetti InfoBusiness before and including 4.4.1 allows arbitrary file upload.

Vendors (1): Zucchetti
Products (1): Infobusiness
Updated: Nov 21, 2024
Published: Oct 30, 2019
CVSS: N/A (v4), 6.1 MEDIUM (v3), 4.3 MEDIUM (v2)
Multiple Reflected Cross-site Scripting (XSS) vulnerabilities exist in Zucchetti InfoBusiness before and including 4.4.1. The browsing component did not properly sanitize user input (encoded in base64). This also applies to the search functionality for the searchKey parameter.