CVE-2026-30251 is a reflected cross-site scripting (XSS) vulnerability affecting the login_newpwd.php endpoint of ZenShare Suite version 17.0, a product by Interzen Consulting S.r.l. The vulnerability arises from improper sanitization of the codice_azienda parameter, which is directly reflected in the server's response without adequate encoding or validation. An attacker can craft a malicious URL containing JavaScript payloads within this parameter. When a user clicks this URL, the injected script executes in the context of the user's browser session, potentially allowing the attacker to steal session cookies, perform actions on behalf of the user, or redirect the user to malicious sites. Reflected XSS typically requires user interaction, such as clicking a link in an email or on a webpage. No authentication is required to exploit this vulnerability, increasing its risk profile. Although no known exploits have been reported in the wild and no official patches have been released, the vulnerability is publicly disclosed and could be targeted by attackers. The lack of a CVSS score means severity must be estimated based on impact and exploitability factors. The vulnerability affects ZenShare Suite installations running version 17.0, but the exact scope of affected deployments is not detailed. The vulnerability highlights the importance of secure input handling and output encoding in web applications to prevent script injection attacks.

The primary impact of this vulnerability is the potential compromise of user confidentiality and integrity. Successful exploitation can lead to session hijacking, allowing attackers to impersonate legitimate users and access sensitive data or perform unauthorized actions. It may also facilitate phishing attacks by redirecting users to malicious sites or displaying deceptive content. The availability impact is generally low for reflected XSS but could be leveraged in combination with other vulnerabilities to cause broader disruption. Organizations using ZenShare Suite v17.0, especially those with users accessing the login_newpwd.php endpoint, face increased risk of targeted attacks. The lack of authentication requirement lowers the barrier for exploitation, but user interaction is necessary, which somewhat limits automated mass exploitation. The absence of known exploits in the wild suggests limited immediate threat, but public disclosure increases the likelihood of future attacks. Overall, the vulnerability could undermine user trust and lead to data breaches or unauthorized access if exploited.

To mitigate this vulnerability, organizations should implement strict input validation and output encoding on the codice_azienda parameter to ensure that any injected scripts are neutralized before rendering in the browser. Employing Content Security Policy (CSP) headers can help restrict the execution of unauthorized scripts. Web application firewalls (WAFs) can be configured to detect and block malicious payloads targeting this parameter. User education is critical to reduce the risk of clicking on suspicious links, especially in phishing attempts. Monitoring web server logs for unusual requests to login_newpwd.php with suspicious parameters can aid early detection. Since no official patch is currently available, organizations should consider temporary workarounds such as disabling or restricting access to the vulnerable endpoint if feasible. Regularly updating ZenShare Suite when patches become available is essential. Additionally, conducting security assessments and penetration testing focused on input handling can prevent similar vulnerabilities.