@alex-xor
Last active December 4, 2025 13:33
CVE-2025-61431 — Unauthenticated reflected XSS in ZMaintenance Infinity and Infinity Zucchetti
CVE ID (pending public record): CVE-2025-61431
Affected products and versions:
- ZMaintenance Infinity version 4.1 and earlier
- Infinity Zucchetti version 4.1 and earlier
Affected component / endpoint (pattern):
- /jsp/gsfr_feditorHTML.jsp?pHtmlSource
Vulnerable parameter:
- pHtmlSource
Vulnerability type:
- Reflected Cross-Site Scripting (CWE-79) — unauthenticated, remote, client-side script execution triggered by unsanitized reflection of the pHtmlSource parameter.
Status:
- Vendor fixes were released on 2025-06-18.
- Coordinated disclosure window completed (90 days + 30-day extension; final date: 2025-10-16).
- Technical evidence (screenshots/PoC) has been provided privately to MITRE and the vendors.
Note: This gist contains only the minimum required information for CVE publication.
No exploit code or sensitive host details are published here.
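Added example (not part of the original gist or of the vendor's code): a defender-side log scanner that flags requests carrying HTML markup in the pHtmlSource parameter of the endpoint named above, which is the request shape a reflected XSS against this component would have to take. The endpoint path and parameter name come from the advisory; the log format (Apache/NGINX combined), the detection regex, the decoding depth and the sample log lines are all assumptions constructed for this example. The small `encode_for_html` helper shows the encoding a fixed page would apply before reflecting the value.

```python
"""
Added example, not part of the CVE-2025-61431 gist: scan access-log lines
for requests that send markup to the pHtmlSource parameter of
/jsp/gsfr_feditorHTML.jsp. All log lines below are constructed samples.
"""
import html
import re
from typing import Dict, List, Optional
from urllib.parse import parse_qs, unquote, urlsplit

# Endpoint and parameter as named in the advisory.
VULN_PATH = "/jsp/gsfr_feditorHTML.jsp"
VULN_PARAM = "pHtmlSource"

# Assumed combined log format: client - - [timestamp] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Assumed indicator: a tag-like construct or an on*= attribute in the decoded
# value. An unauthenticated client has no legitimate reason to send markup here.
MARKUP_RE = re.compile(r"<\s*/?\s*[a-zA-Z!]|\bon[a-zA-Z]+\s*=", re.IGNORECASE)


def decode_param(target: str) -> Optional[str]:
    """Return the fully URL-decoded pHtmlSource value, or None when the
    request target is not the vulnerable endpoint/parameter."""
    parts = urlsplit(target)
    if parts.path != VULN_PATH:
        return None
    values = parse_qs(parts.query, keep_blank_values=True).get(VULN_PARAM)
    if not values:
        return None
    value = values[0]          # parse_qs already performed one decode
    for _ in range(3):         # peel further layers to catch %253C-style double encoding
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan(lines: List[str]) -> List[Dict[str, str]]:
    """Return one record per log line whose pHtmlSource value contains markup."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        value = decode_param(m.group("target"))
        if value is not None and MARKUP_RE.search(value):
            hits.append({"client": m.group("client"), "ts": m.group("ts"),
                         "status": m.group("status"), "value": value})
    return hits


def is_suspicious(line: str) -> bool:
    """Convenience wrapper for a single log line."""
    return bool(scan([line]))


def encode_for_html(value: str) -> str:
    """Mitigation side: the encoding a page must apply before reflecting a
    request parameter into an HTML body or attribute (escapes & < > " ')."""
    return html.escape(value, quote=True)


# Constructed sample log lines (RFC 5737 documentation addresses).
SAMPLE_LOG = [
    '203.0.113.7 - - [18/Jun/2025:10:01:02 +0000] "GET /jsp/gsfr_feditorHTML.jsp?pHtmlSource=hello HTTP/1.1" 200 512',
    '203.0.113.7 - - [18/Jun/2025:10:01:05 +0000] "GET /jsp/gsfr_feditorHTML.jsp?pHtmlSource=%3Cb%3Ehi%3C%2Fb%3E HTTP/1.1" 200 540',
    '198.51.100.9 - - [18/Jun/2025:10:02:00 +0000] "GET /jsp/gsfr_feditorHTML.jsp?pHtmlSource=%253Cu%253Ex%253C%252Fu%253E HTTP/1.1" 200 540',
    '198.51.100.9 - - [18/Jun/2025:10:02:30 +0000] "GET /jsp/other.jsp?pHtmlSource=%3Cb%3E HTTP/1.1" 200 100',
    '192.0.2.4 - - [18/Jun/2025:10:03:00 +0000] "GET /jsp/gsfr_feditorHTML.jsp?q=%3Cb%3E HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['client']} status={hit['status']} pHtmlSource={hit['value']!r}")
```

Running the block on the constructed sample prints two hits: the plainly encoded `<b>` request and the double-encoded `<u>` request; the plain-text request, the request to a different JSP, and the request without the parameter are ignored. The repeated `unquote` loop is what makes the double-encoded case visible, which a single-decode WAF rule would miss.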
@Wind0wsuser

Great job, Ale!
