PT-2025-45036 · Zucchetti · Zucchetti Zmaintenance Infinity

Published: 2025-11-04 · Updated: 2025-11-04 · CVE-2025-61431

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Zucchetti ZMaintenance Infinity versions prior to 4.2
Zucchetti ZMaintenance Infinity Zucchetti version 4.1

Description

A reflected cross-site scripting (XSS) issue exists in the /jsp/gsfr feditorHTML.jsp API endpoint of the software. An attacker can execute arbitrary JavaScript in a user's browser by injecting a crafted payload into the pHtmlSource parameter.

Recommendations

Update Zucchetti ZMaintenance Infinity to version 4.2 or later.
Update Zucchetti ZMaintenance Infinity Zucchetti to version 4.2 or later.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-61431

Affected Products

Zucchetti Zmaintenance Infinity