CVE-2025-8079 - Vulnerability Details - OpenCVE

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akıllı Ticaret Software Technologies Ltd. Co. Smart Trade E-Commerce allows Reflected XSS.This issue affects Smart Trade E-Commerce: before 4.5.0.0.1.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.usom.gov.tr/bildirim/tr-25-0283

History

Mon, 22 Sep 2025 09:00:00 +0000

Type	Values Removed	Values Added
Description		Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akıllı Ticaret Software Technologies Ltd. Co. Smart Trade E-Commerce allows Reflected XSS.This issue affects Smart Trade E-Commerce: before 4.5.0.0.1.
Title		Reflected XSS in Akıllı Ticaret Software Technologies' Smart Trade E-Commerce
Weaknesses		CWE-79
References		https://www.usom.gov.tr/bildirim/tr-25-0283
Metrics		cvssV3_1 `{'score': 4.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N'}`

MITRE

Status: PUBLISHED

Assigner: TR-CERT

Published: 2025-09-22T08:45:19.523Z

Updated: 2025-09-22T08:45:19.523Z

Reserved: 2025-07-23T10:00:51.902Z

Link: CVE-2025-8079

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-8079", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "state": "PUBLISHED", "assignerShortName": "TR-CERT", "dateReserved": "2025-07-23T10:00:51.902Z", "datePublished": "2025-09-22T08:45:19.523Z", "dateUpdated": "2025-09-22T08:45:19.523Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Smart Trade E-Commerce", "vendor": "Ak\u0131ll\u0131 Ticaret Software Technologies Ltd. Co.", "versions": [{"lessThan": "4.5.0.0.1", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "\u0130rfan TANER"}], "datePublic": "2025-09-22T08:38:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ak\u0131ll\u0131 Ticaret Software Technologies Ltd. Co. Smart Trade E-Commerce allows Reflected XSS.<p>This issue affects Smart Trade E-Commerce: before 4.5.0.0.1.</p>"}], "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ak\u0131ll\u0131 Ticaret Software Technologies Ltd. Co. Smart Trade E-Commerce allows Reflected XSS.This issue affects Smart Trade E-Commerce: before 4.5.0.0.1."}], "impacts": [{"capecId": "CAPEC-591", "descriptions": [{"lang": "en", "value": "CAPEC-591 Reflected XSS"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2025-09-22T08:45:19.523Z"}, "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-25-0283"}], "source": {"advisory": "TR-25-0283", "defect": ["TR-25-0283"], "discovery": "UNKNOWN"}, "title": "Reflected XSS in Ak\u0131ll\u0131 Ticaret Software Technologies' Smart Trade E-Commerce", "x_generator": {"engine": "Vulnogram 0.2.0"}}}}