{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-11T03:02:57.274","vulnerabilities":[{"cve":{"id":"CVE-2025-52358","sourceIdentifier":"cve@mitre.org","published":"2025-07-29T14:15:37.007","lastModified":"2025-08-06T20:53:33.560","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A cross-site scripting vulnerability in Vivaldi United Group iCONTROL+ Server including Firmware version 4.7.8.0.eden Logic version 5.32 and below. This issue allows attackers to inject JavaScript payloads within the error or edit-menu-item parameters which are then executed in the victim's browser session."},{"lang":"es","value":"Una vulnerabilidad de cross-site scripting en Vivaldi United Group iCONTROL+ Server, incluyendo la versión de firmware 4.7.8.0.eden Logic 5.32 y anteriores. Este problema permite a los atacantes inyectar payloads de JavaScript en los parámetros \"error\" o \"edit-menu-item\", que se ejecutan en la sesión del navegador de la víctima."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vivaldigroup:icontrol\\+_server:5.32:*:*:*:*:*:*:*","matchCriteriaId":"5CF75A01-5DCB-4EC5-B911-F6B7606A3E2A"},{"vulnerable":true,"criteria":"cpe:2.3:o:vivaldigroup:vivaldi_domotica_icontrol_firmware:4.7.8.0.eden:*:*:*:*:*:*:*","matchCriteriaId":"F86C1EDC-0BB6-4DBD-A687-9913D9389D00"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:vivaldigroup:vivaldi_domotica_icontrol:-:*:*:*:*:*:*:*","matchCriteriaId":"006EC222-9749-4DE9-9957-3C9B12AA07A1"}]}]}],"references":[{"url":"https://github.com/MatJosephs/CVEs/blob/main/CVE-2025-52358/README.md","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://vivaldigroup.it/en/","source":"cve@mitre.org","tags":["Product"]}]}}]}