CVE-2025-52358 | THREATINT

Description

A cross-site scripting vulnerability in Vivaldi United Group iCONTROL+ Server including Firmware version 4.7.8.0.eden Logic version 5.32 and below. This issue allows attackers to inject JavaScript payloads within the error or edit-menu-item parameters which are then executed in the victim's browser session.

PUBLISHED Reserved 2025-06-16 | Published 2025-07-29 | Updated 2025-07-29 | Assigner mitre

References

vivaldigroup.it/en/

github.com/...osephs/CVEs/blob/main/CVE-2025-52358/README.md

cve.org (CVE-2025-52358)

nvd.nist.gov (CVE-2025-52358)

Download JSON