CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-52180

Cross-site scripting (XSS) vulnerability in Zucchetti Ad Hoc Infinity 4.2 and earlier allows remote unauthenticated attackers to inject arbitrary JavaScript via the pHtmlSource parameter of the /ahi/jsp/gsfr_feditorHTML.jsp?pHtmlSource endpoint.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 14.8%

CVSS Severity

CVSS v3 Score 6.1

References

https://gist.github.com/alex-xor/8d0f9f456e6840a955889305ea789ef8
https://www.zucchetti.it/

Products affected by CVE-2025-52180

Zucchetti » Ad Hoc Infinity » Version: Any

cpe:2.3:a:zucchetti:ad_hoc_infinity:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-52180

Products

Pricing

Contact Us