A vulnerability categorized as problematic has been discovered in Intermark IT WebControl CMS up to 3.5. Impacted is an unknown function of the file /portal.do of the component URL Handler. Executing a manipulation of the argument urlDestino can lead to cross site scripting.
This vulnerability is registered as CVE-2026-6954. It is possible to launch the attack remotely. No exploit is available.