Description
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Tegsoft Management and Information Services Trade Limited Company Online Support Application allows Reflected XSS.

This issue affects Online Support Application: from V3 through 31122025.
Published: 2026-05-04
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw arises from the Online Support Application’s failure to neutralize user input before incorporating it into generated web pages, allowing attackers to inject arbitrary JavaScript code. In a reflected XSS attack, such code runs in the victim’s browser context, potentially exposing the victim to malicious actions performed by the attacker.

Affected Systems

Tegsoft Management and Information Services Trade Limited Company’s Online Support Application is the affected product. All versions from V3 up to the release dated 31‑12‑2025 contain the vulnerability; newer releases are not reported to be vulnerable.

Risk and Exploitability

The CVSS score of 9.8 indicates a critical severity. The EPSS value is not available and the vulnerability is not yet listed in the CISA KEV catalog. The likely attack vector is a web‑browser that accesses the application with a crafted URL, requiring no special privileges beyond normal access to the interface; this inference is based on the nature of a reflected XSS flaw.

Generated by OpenCVE AI on May 4, 2026 at 09:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Online Support Application to a release issued after 31‑12‑2025 when the fix becomes available.
  • Apply proper output encoding to all user‑controlled data before it is rendered in the browser, following CWE‑79 guidelines.
  • Deploy a Web Application Firewall configured to detect and block reflected XSS payloads.

Generated by OpenCVE AI on May 4, 2026 at 09:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 04 May 2026 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Tegsoft
Tegsoft online Support Application
Vendors & Products Tegsoft
Tegsoft online Support Application

Mon, 04 May 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 04 May 2026 08:45:00 +0000

Type Values Removed Values Added
Description Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Tegsoft Management and Information Services Trade Limited Company Online Support Application allows Reflected XSS. This issue affects Online Support Application: from V3 through 31122025.
Title XSS in Tegsoft's Online Support Application
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Tegsoft Online Support Application
cve-icon MITRE

Status: PUBLISHED

Assigner: TR-CERT

Published:

Updated: 2026-05-04T12:44:35.681Z

Reserved: 2025-12-09T12:32:46.579Z

Link: CVE-2025-14320

cve-icon Vulnrichment

Updated: 2026-05-04T12:44:28.265Z

cve-icon NVD

Status : Received

Published: 2026-05-04T09:15:59.643

Modified: 2026-05-04T09:15:59.643

Link: CVE-2025-14320

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-04T16:06:03Z

Weaknesses