CVE-2025-52358 – Vivaldi iCONTROL+ Server Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-52358

Published : July 29, 2025, 2:15 p.m. | 1 hour, 11 minutes ago

Description : A cross-site scripting vulnerability in Vivaldi United Group iCONTROL+ Server including Firmware version 4.7.8.0.eden Logic version 5.32 and below. This issue allows attackers to inject JavaScript payloads within the error or edit-menu-item parameters which are then executed in the victim’s browser session.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…