NVD Vulnerability Detail
Search Exploit, PoC
CVE-2026-6954
Summary

Cross-Site Scripting (XSS) vulnerability in Intermark IT's WebControl CMS v3.5. This vulnerability allows an attacker to execute JavaScript code or inject a dynamic iframe into the victim’s browser by sending a malicious URL via the 'urlDestino' parameter in '/portal.do'. This vulnerability can be exploited to steal sensitive user data, such as session cookies, display phishing interfaces, or perform actions on the user’s behalf.

Publication Date June 30, 2026, 7:16 p.m.
Registration Date July 1, 2026, 4:23 a.m.
Last Update June 30, 2026, 11:16 p.m.
Related information, measures and tools
Common Vulnerabilities List