VYPR

AD Hoc Infinity

by Zucchetti

CVEs (5)

  • CVE-2025-52180Oct 30, 2025
    risk 0.00cvss epss 0.00

    Cross-site scripting (XSS) vulnerability in Zucchetti Ad Hoc Infinity 4.2 and earlier allows remote unauthenticated attackers to inject arbitrary JavaScript via the pHtmlSource parameter of the /ahi/jsp/gsfr_feditorHTML.jsp?pHtmlSource endpoint.

  • CVE-2024-51321Mar 11, 2025
    risk 0.00cvss epss 0.00

    In Zucchetti Ad Hoc Infinity 2.4, an improper check on the m_cURL parameter allows an attacker to redirect the victim to an attacker-controlled website after the authentication.

  • CVE-2024-51319Mar 11, 2025
    risk 0.00cvss epss 0.00

    A local file include vulnerability in the /servlet/Report of Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution by uploading a jsp web/reverse shell through /jsp/zimg_upload.jsp.

  • CVE-2024-51320Mar 11, 2025
    risk 0.00cvss epss 0.00

    Cross Site Scripting vulnerability in Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution via the /servlet/gsdm_fsave_htmltmp, /servlet/gsdm_btlk_openfile components

  • CVE-2024-51322Mar 11, 2025
    risk 0.00cvss epss 0.00

    Cross Site Scripting vulnerability in Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution via the /jsp/home.jsp, /jsp/gsfr_feditorHTML.jsp, /servlet/SPVisualZoom, /jsp/gsmd_container.jsp components