Zucchetti
By the Year
In 2026 there have been 0 vulnerabilities in Zucchetti. Last year, in 2025, Zucchetti had 15 security vulnerabilities published. Right now, Zucchetti is on track to have fewer security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 15 | 6.10 |
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 1 | 8.80 |
| 2020 | 0 | 0.00 |
| 2019 | 5 | 0.00 |
It may take a day or so for new Zucchetti vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Zucchetti Security Vulnerabilities
| CVE | Date | Vulnerability | Products |
|---|---|---|---|
| CVE-2025-52180 | Oct 30, 2025 | XSS in Zucchetti Ad Hoc Infinity 4.2 via /ahi/jsp/gsfr_feditorHTML.jsp. Cross-site scripting (XSS) vulnerability in Zucchetti Ad Hoc Infinity 4.2 and earlier allows remote unauthenticated attackers to inject arbitrary JavaScript via the pHtmlSource parameter of the /ahi/jsp/gsfr_feditorHTML.jsp?pHtmlSource endpoint. | |
| CVE-2024-51322 | Mar 11, 2025 | XSS & RCE in Zucchetti Ad Hoc Infinity 2.4 via JSP Components. Cross Site Scripting vulnerability in Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution via the /jsp/home.jsp, /jsp/gsfr_feditorHTML.jsp, /servlet/SPVisualZoom, /jsp/gsmd_container.jsp components. | |
| CVE-2024-51319 | Mar 11, 2025 | Zucchetti Ad Hoc Infinity 2.4 RCE via LFI in /servlet/Report – JSP upload. A local file include vulnerability in the /servlet/Report of Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution by uploading a jsp web/reverse shell through /jsp/zimg_upload.jsp. | |
| CVE-2024-51320 | Mar 11, 2025 | Zucchetti Ad Hoc Infinity 2.4 XSS RCE via gsdm_fsave_htmltmp/gsdm_btlk_openfile. Cross Site Scripting vulnerability in Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution via the /servlet/gsdm_fsave_htmltmp, /servlet/gsdm_btlk_openfile components. | |
| CVE-2024-51321 | Mar 11, 2025 | Ad Hoc Infinity 2.4 Improper Redirect (m_cURL) After Auth. In Zucchetti Ad Hoc Infinity 2.4, an improper check on the m_cURL parameter allows an attacker to redirect the victim to an attacker-controlled website after the authentication. | |
| CVE-2023-42230 | Jan 13, 2025 | Pat Infinite Solutions HelpdeskAdvanced <=11.0.33 XSS via WSCView/Save. Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Cross Site Scripting (XSS) via the WSCView/Save function. | |
| CVE-2023-42225 | Jan 13, 2025 | Pat HelpdeskAdvanced <= 11.0.33 - DIR TRAV via Attachment/DownloadTempFile. Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via the Attachment/DownloadTempFile function. | |
| CVE-2023-42226 | Jan 13, 2025 | Dir.Trav in PatInfiniteSolutions HelpdeskAdv <=11.0.33 Email/SaveAttachment. Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via Email/SaveAttachment function. | |
| CVE-2023-42227 | Jan 13, 2025 | Pat Infinite Solutions HelpdeskAdvanced <=11.0.33 Dir Traversal via WSCView/Save. Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via the WSCView/Save function. | |
| CVE-2023-42228 | Jan 13, 2025 | HelpdeskAdvanced <=11.0.33: Incorrect Access Control via AclList/SaveAclRules. Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Incorrect Access Control. Low privileged users can edit their own ACL rules by sending a request to the "AclList/SaveAclRules" administrative function. | |
| CVE-2023-42229 | Jan 13, 2025 | Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 DIRTRAV via WSConnector SOAP. Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal. Arbitrary files can be created on the system via authenticated SOAP requests to the WSConnector service. | |
| CVE-2023-42231 | Jan 13, 2025 | HelpdeskAdvanced <=11.0.33 Access Control: Admin Deletion via WSCView/Delete. Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Incorrect Access Control. Low privileged users can delete admin users by sending a request to the "WSCView/Delete" function. | |
| CVE-2023-42232 | Jan 13, 2025 | HelpdeskAdvanced <=11.0.33 Dir Traversal via Navigator/Index. Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via the Navigator/Index function. | |
| CVE-2023-42233 | Jan 13, 2025 | HelpdeskAdvanced <= 11.0.33 XSS via Filter/FilterEditor. Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Cross Site Scripting (XSS) via the Filter/FilterEditor function. | |
| CVE-2023-42234 | Jan 13, 2025 | HelpdeskAdvanced 11.0.33 CSRF via WSCView in Infinite Solutions. Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Cross Site Request Forgery (CSRF) via the WSCView function. | |
| CVE-2021-42369 | Oct 14, 2021 | Imagicle Application Suite (for Cisco UC) before 2021.Summer.2 allows SQL injection. A low-privileged user could inject a SQL statement through the "Export to CSV" feature of the Contact Manager web GUI. | |
| CVE-2019-18207 | Oct 30, 2019 | In Zucchetti InfoBusiness before and including 4.4.1, an authenticated user can inject client-side code due to improper validation of the Title field in the InfoBusiness Web Component. The payload will be triggered every time a user browses the reports page. | |
| CVE-2019-18206 | Oct 30, 2019 | A cross-site request forgery (CSRF) vulnerability in Zucchetti InfoBusiness before and including 4.4.1 allows arbitrary file upload. | |
| CVE-2019-18205 | Oct 30, 2019 | Multiple Reflected Cross-site Scripting (XSS) vulnerabilities exist in Zucchetti InfoBusiness before and including 4.4.1. The browsing component did not properly sanitize user input (encoded in base64). This also applies to the search functionality for the searchKey parameter. | |
| CVE-2019-18204 | Oct 30, 2019 | Zucchetti InfoBusiness before and including 4.4.1 allows any authenticated user to upload .php files in order to achieve code execution. | |
| CVE-2019-10257 | Jun 19, 2019 | Zucchetti HR Portal through 2019-03-15 allows Directory Traversal. Unauthenticated users can escape outside of the restricted location (dot-dot-slash notation) to access files or directories that are elsewhere on the system. Through this vulnerability it is possible to read the application's java sources from /WEB-INF/classes/*.class | |