Description
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in AKIN Software Computer Import Export Industry and Trade Ltd. E-Commerce allows Reflected XSS.

This issue affects e-Commerce: before 1.25.01.06.
Published: 2026-06-23
Score: 6.1 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a reflected XSS flaw caused by improper neutralization of user‑supplied input during page rendering in Akinsoft’s e‑Commerce platform. An attacker can embed malicious script payloads in URLs or form submissions that are reflected back in the response, enabling theft of session cookies, defacement, or phishing attacks. This weakness aligns with CWE‑79 and compromises confidentiality, integrity, and potentially availability if the injected script triggers further malicious activity.

Affected Systems

The affected product is Akinsoft’s e‑Commerce application, versions prior to 1.25.01.06. Administrators should verify that their deployed instances are not running a susceptible version and review vendor release notes for the applicable fix.

Risk and Exploitability

The CVSS score of 6.1 indicates moderate risk; the EPSS score is not available, so current exploitation probability cannot be determined. The vulnerability is not listed in CISA’s KEV catalog, suggesting no documented exploits yet. The likely attack vector is web‑based, requiring an attacker to craft a URL or form that the application reflects without sanitization, which can be achieved simply by visiting a malicious link or submitting a form containing a payload. Accordingly, the risk is moderate but non‑trivial, especially for publicly exposed instances.

Generated by OpenCVE AI on June 23, 2026 at 13:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Akinsoft e‑Commerce to version 1.25.01.06 or later where the reflected XSS fix is applied.
  • Deploy a Web Application Firewall (WAF) rule set that blocks reflected XSS payloads and sanitizes user input as an interim measure.
  • Review and enforce output encoding for any remaining user‑controlled data to prevent future XSS vectors.

Generated by OpenCVE AI on June 23, 2026 at 13:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 23 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 23 Jun 2026 12:45:00 +0000

Type Values Removed Values Added
Description Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in AKIN Software Computer Import Export Industry and Trade Ltd. E-Commerce allows Reflected XSS. This issue affects e-Commerce: before 1.25.01.06.
Title Reflected XSS in Akinsoft's e-Commerce
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: TR-CERT

Published:

Updated: 2026-06-23T13:05:34.239Z

Reserved: 2026-06-04T13:16:20.737Z

Link: CVE-2026-10857

cve-icon Vulnrichment

Updated: 2026-06-23T13:05:29.837Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-23T13:30:03Z

Weaknesses
  • CWE-79

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')