Cross-Site Scripting Vulnerability in Intermark IT's WebControl CMS
CVE-2026-6954

5.1MEDIUM

Key Information:

Vendor: Intermark It
Status: Webcontrol Cms
Vendor: CVE Published:; 30 June 2026

🔔 Create Intermark It Vulnerability Alert

What is CVE-2026-6954?

A Cross-Site Scripting (XSS) vulnerability exists in Intermark IT's WebControl CMS v3.5 that allows attackers to exploit the 'urlDestino' parameter within '/portal.do'. By crafting a malicious URL, an attacker can execute arbitrary JavaScript code or inject a dynamic iframe into a victim's browser. This exploitation method can lead to unauthorized access to sensitive user data like session cookies, enable phishing attacks, or facilitate unauthorized actions on behalf of the user.

Affected Version(s)

WebControl CMS 0

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multip...

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 30, 2026
Vulnerability Reserved
Apr 24, 2026

Credit

Erik Villegas

CVE-2026-6954 Data

JSON