
Description

A reflected cross-site scripting (XSS) vulnerability in the /jsp/gsfr_feditorHTML.jsp endpoint of Zucchetti ZMaintenance Infinity and Infinity Zucchetti v4.1 and earlier allows attackers to execute arbitrary JavaScript in the context of a user's browser by injecting a crafted payload into the pHtmlSource parameter. A vendor fix was released on 2025-06-18.

PUBLISHED Reserved 2025-09-26 | Published 2025-11-04 | Updated 2025-11-04 | Assigner mitre

References

www.zucchetti.it/

gist.github.com/alex-xor/8651dbdd413e4fa7240b0ab1b1845d76

cve.org (CVE-2025-61431)

nvd.nist.gov (CVE-2025-61431)
