CVE-2025-43924 | THREATINT

Description

Cross Site Scripting vulnerability was discovered in Unicom Focal Point 7.6.1. The val parameter in SettingController (for /fp/admin/settings/loginpage) and the rootserviceurl parameter in FriendsController (for /fp/admin/settings/friends), entered by an admin, allow stored XSS.

PUBLISHED Reserved 2025-04-19 | Published 2025-06-03 | Updated 2025-06-04 | Assigner mitre

References

www.unicomsi.com/products/focal-point/

www.unicomsi.com/security-advisory/

cve.org (CVE-2025-43924)

nvd.nist.gov (CVE-2025-43924)

Download JSON