CVE Catalog

CVE-2026-6953

MediumCVSS 5.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.36%

28th percentile — higher than 28% of all known CVEs

Summary

An HTML injection vulnerability has been discovered in Intermark IT's WebControl CMS v3.5. An attacker can send an email containing malicious HTML code to a victim via the contact form. Exploitation requires sending a request with the 'nombreApellidos', 'dirección', and 'comentarios' parameters to '/processContact.do'.

Risk Assessment

The risk involves potential phishing attacks or credential theft by embedding malicious HTML code in an email sent from a trusted CMS system.

Recommendation

Immediately update WebControl CMS to the latest version and implement input filtering and output encoding for all contact form parameters.

Original NVD description (English source)

HTML injection vulnerability in Intermark IT's WebControl CMS v3.5. This vulnerability allows an attacker to send an email containing malicious HTML code to a victim via the contact form. To exploit this vulnerability, the attacker must send a request using the 'nombreApellidos', 'dirección ', and 'comentarios ' parameters to '/processContact.do'.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS