CVE-2026-6954
Multiple vulnerabilities in Intermark IT's WebControl CMS
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
Cross-Site Scripting (XSS) vulnerability in Intermark IT's WebControl CMS v3.5. This vulnerability allows an attacker to execute JavaScript code or inject a dynamic iframe into the victim’s browser by sending a malicious URL via the 'urlDestino' parameter in '/portal.do'. This vulnerability can be exploited to steal sensitive user data, such as session cookies, display phishing interfaces, or perform actions on the user’s behalf.
| CWE | CWE-79 |
| Vendor | intermark it |
| Product | webcontrol cms |
| Published | Jun 30, 2026 |
Stay Ahead of the Next One
Get instant alerts for intermark it webcontrol cms
Be the first to know when new unknown vulnerabilities affecting intermark it webcontrol cms are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
Affected Versions
Intermark IT / WebControl CMS
0 < *
References
Credits
Erik Villegas