PT-2026-53833 · Intermark It · Webcontrol Cms

Erik Villegas

Published

2026-06-30

Updated

2026-06-30

CVE-2026-6953

CVSS v4.0

5.1

Medium

Vector

AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N

Name of the Vulnerable Software and Affected Versions Intermark IT WebControl CMS version 3.5

Description An HTML injection issue exists in the contact form, allowing an attacker to send emails containing malicious HTML code to a victim. This is achieved by sending a request to the '/processContact.do' endpoint using the nombreApellidos, dirección, and comentarios parameters.

Recommendations As a temporary workaround, restrict access to the '/processContact.do' endpoint or avoid using the nombreApellidos, dirección, and comentarios parameters until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2026-6953

Affected Products

Webcontrol Cms

PT-2026-53833 · Intermark It · Webcontrol Cms

CVE-2026-6953

Weakness Enumeration

Related Identifiers

Affected Products

References · 3