Vulnerability Details CVE-2025-52358
A cross-site scripting vulnerability in Vivaldi United Group iCONTROL+ Server including Firmware version 4.7.8.0.eden Logic version 5.32 and below. This issue allows attackers to inject JavaScript payloads within the error or edit-menu-item parameters which are then executed in the victim's browser session.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 13.6%
CVSS Severity
CVSS v3 Score 6.3
Products affected by CVE-2025-52358
-
cpe:2.3:a:vivaldigroup:icontrol+_server:5.32
-
cpe:2.3:h:vivaldigroup:vivaldi_domotica_icontrol:-
-
cpe:2.3:o:vivaldigroup:vivaldi_domotica_icontrol_firmware:4.7.8.0.eden