CVE-2025-1810

Name of the Vulnerable Software and Affected Versions Pixsoft Vivaz version 6.0.11

Description A vulnerability was found in the Login Endpoint component of Pixsoft Vivaz. The manipulation of the sistema argument in the "/servlet?act=login&submit=1&evento=0&pixrnd=0125021817031859360231" endpoint leads to cross-site scripting. This issue can be exploited remotely. The vendor was contacted about this disclosure but did not respond.

Recommendations As a temporary workaround, consider restricting access to the "/servlet?act=login&submit=1&evento=0&pixrnd=0125021817031859360231" endpoint until a patch is available. Avoid using the sistema argument in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.