CVE-2026-6953

UNKNOWN NVD

CVSS Score 0

Severity UNKNOWN

Published Jun 30, 2026

Vendor unknown

Description

HTML injection vulnerability in Intermark IT's WebControl CMS v3.5. This vulnerability allows an attacker to send an email containing malicious HTML code to a victim via the contact form. To exploit this vulnerability, the attacker must send a request using the 'nombreApellidos', 'dirección ', and 'comentarios ' parameters to '/processContact.do'.

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-intermark-its-webcontrol-cms