PT-2025-31203 · Unknown +1 · Icontrol+ Server +1

Matjosephs · Published 2025-07-29 · Updated 2025-07-29 · CVE-2025-52358

CVSS v3.1: 6.3
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions:

Vivaldi United Group iCONTROL+ Server versions 4.7.8.0.eden Logic 5.32 and earlier

Description:

A cross-site scripting issue exists in Vivaldi United Group iCONTROL+ Server. This allows attackers to inject JavaScript payloads into the `error` or `edit-menu-item` parameters, which are then executed in the victim’s browser session.

Recommendations:

Versions prior to 4.7.8.0.eden Logic 5.32 should be updated.

Exploit · Fix · XSS

Weakness Enumeration

Related Identifiers

CVE-2025-52358

Affected Products

Logic
Icontrol+ Server