CVE-2026-6954: CWE-79 Improper neutralization of input during web page generation ('cross-site scripting') in Intermark IT WebControl CMS
CVE-2026-6954 is a Cross-Site Scripting (XSS) vulnerability in Intermark IT's WebControl CMS version 3.5. It allows attackers to execute arbitrary JavaScript or inject dynamic iframes via the 'urlDestino' parameter in the '/portal.do' endpoint. Exploitation can lead to theft of sensitive user data, such as session cookies, phishing, or unauthorized actions on behalf of users. The vulnerability has a medium severity score of 5.1. No patch or official remediation has been confirmed at this time.
AI Analysis
Technical Summary
This vulnerability in WebControl CMS v3.5 arises from improper neutralization of input in the 'urlDestino' parameter of the '/portal.do' page, enabling Cross-Site Scripting (CWE-79). An attacker can craft a malicious URL that executes JavaScript or injects iframes in the victim's browser context. This can be used to steal session cookies, display phishing content, or perform unauthorized actions. The CVSS 4.0 vector indicates network attack vector, low attack complexity, no privileges required, user interaction needed, and limited impact on confidentiality and integrity.
Potential Impact
Successful exploitation allows attackers to execute arbitrary scripts in the context of the victim's browser session on the affected CMS, potentially leading to session hijacking, phishing, or unauthorized actions performed as the user. The impact is limited to the confidentiality and integrity of the user's session and data accessible via the browser.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should exercise caution when clicking on URLs containing the 'urlDestino' parameter in the affected CMS. Implementing web application firewall (WAF) rules to detect and block malicious payloads targeting this parameter may help mitigate risk.
CVE-2026-6954: CWE-79 Improper neutralization of input during web page generation ('cross-site scripting') in Intermark IT WebControl CMS
Description
CVE-2026-6954 is a Cross-Site Scripting (XSS) vulnerability in Intermark IT's WebControl CMS version 3.5. It allows attackers to execute arbitrary JavaScript or inject dynamic iframes via the 'urlDestino' parameter in the '/portal.do' endpoint. Exploitation can lead to theft of sensitive user data, such as session cookies, phishing, or unauthorized actions on behalf of users. The vulnerability has a medium severity score of 5.1. No patch or official remediation has been confirmed at this time.
CVSS v4.0
Score 5.1medium
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability in WebControl CMS v3.5 arises from improper neutralization of input in the 'urlDestino' parameter of the '/portal.do' page, enabling Cross-Site Scripting (CWE-79). An attacker can craft a malicious URL that executes JavaScript or injects iframes in the victim's browser context. This can be used to steal session cookies, display phishing content, or perform unauthorized actions. The CVSS 4.0 vector indicates network attack vector, low attack complexity, no privileges required, user interaction needed, and limited impact on confidentiality and integrity.
Potential Impact
Successful exploitation allows attackers to execute arbitrary scripts in the context of the victim's browser session on the affected CMS, potentially leading to session hijacking, phishing, or unauthorized actions performed as the user. The impact is limited to the confidentiality and integrity of the user's session and data accessible via the browser.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should exercise caution when clicking on URLs containing the 'urlDestino' parameter in the affected CMS. Implementing web application firewall (WAF) rules to detect and block malicious payloads targeting this parameter may help mitigate risk.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- INCIBE
- Date Reserved
- 2026-04-24T11:24:39.212Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a4391c127e9c79719866463
Added to database: 06/30/2026, 09:52:01 UTC
Last enriched: 06/30/2026, 10:06:38 UTC
Last updated: 06/30/2026, 10:43:18 UTC
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.