CVE-2025-43924 Information

Description

Cross Site Scripting vulnerability was discovered in Unicom Focal Point 7.6.1. The val parameter in SettingController (for /fp/admin/settings/loginpage) and the rootserviceurl parameter in FriendsController (for /fp/admin/settings/friends) entered by an admin allow stored XSS.

Reference

https://www.unicomsi.com/products/focal-point/ https://www.unicomsi.com/security-advisory/ Cross Site Scripting vulnerability was discovered in Unicom Focal Point 7.6.1. The val parameter in SettingController (for /fp/admin/settings/loginpage) and the rootserviceurl parameter in FriendsController (for /fp/admin/settings/friends) entered by an admin allow stored XSS.