HTML Injection Vulnerability in Intermark IT's WebControl CMS
CVE-2026-6953

5.1MEDIUM

Key Information:

Vendor: Intermark It
Status: Webcontrol Cms
Vendor: CVE Published:; 30 June 2026

🔔 Create Intermark It Vulnerability Alert

What is CVE-2026-6953?

An HTML injection vulnerability exists in Intermark IT's WebControl CMS version 3.5, permitting attackers to inject malicious HTML code through the contact form. By exploiting this flaw, an attacker may send emails containing harmful HTML content to unsuspecting victims. This is achieved by crafting a specially designed request utilizing the 'nombreApellidos', 'dirección ', and 'comentarios ' parameters directed at '/processContact.do'. Organizations using this CMS are advised to implement security measures to prevent potential exploitation.

Affected Version(s)

WebControl CMS 0

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multip...

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 30, 2026
Vulnerability Reserved
Apr 24, 2026

Credit

Erik Villegas

CVE-2026-6953 Data

JSON