CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-6954

unknowncovered by 1 sourcefirst seen 2026-06-30
Cross-Site Scripting (XSS) vulnerability in Intermark IT's WebControl CMS v3.5. This vulnerability allows an attacker to execute JavaScript code or inject a dynamic iframe into the victim’s browser by sending a malicious URL via the 'urlDestino' parameter in '/portal.do'. This vulnerability can be exploited to steal sensitive user data, such as session cookies, display phishing interfaces, or perform actions on the user’s behalf.

⚡ Watch CVE-2026-6954

Get an email if CVE-2026-6954 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2026-6954

CVE.org record

Embed the live status

CVE-2026-6954 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-6954 status](https://www.csirts.com/badge/CVE-2026-6954)](https://www.csirts.com/cve/CVE-2026-6954)