Description
IFTOP developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing authenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.
Published: 2026-03-11
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Cross‑Site Scripting
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is a reflected Cross‑Site Scripting (CWE‑79) defect in IFTOP that permits authenticated remote attackers to inject arbitrary JavaScript code into victim browsers through specially crafted URLs, leading to client‑side compromise such as credential theft, session hijacking, or page manipulation.

Affected Systems

The affected product is WellChoose IFTOP. Versions prior to IFTOP_P4_181 (no explicit sub‑versions listed) are vulnerable. No other versions or products are stated.

Risk and Exploitability

The CVSS score is 5.1, reflecting a medium severity issue, and the EPSS score is below 1%, indicating low current exploit likelihood. The vulnerability is not in the CISA KEV catalog. Exploitation requires an attacker to craft a malicious link and persuade or trick an authenticated user to visit it, making it an attacker‑initiated, client‑side attack.

Generated by OpenCVE AI on March 17, 2026 at 20:45 UTC.

Remediation

Vendor Solution

Update to verison IFTOP_P4_181 or later.

OpenCVE Recommended Actions

  • Update IFTOP to version IFTOP_P4_181 or later.

Generated by OpenCVE AI on March 17, 2026 at 20:45 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 17 Mar 2026 19:30:00 +0000

Type Values Removed Values Added
First Time appeared Wellchoose organization Portal System
CPEs cpe:2.3:a:wellchoose:organization_portal_system:*:*:*:*:*:*:*:*
Vendors & Products Wellchoose organization Portal System

Wed, 11 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 11 Mar 2026 07:45:00 +0000

Type Values Removed Values Added
Description Update to verison IFTOP_P4_181 or later. IFTOP developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing authenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.

Wed, 11 Mar 2026 07:00:00 +0000

Type Values Removed Values Added
Description Update to verison IFTOP_P4_181 or later.
Title WellChoose|IFTOP - Reflected Cross-site Scripting
First Time appeared Wellchoose
Wellchoose iftop
Weaknesses CWE-79
CPEs cpe:2.3:a:wellchoose:iftop:*:*:*:*:*:*:*:*
Vendors & Products Wellchoose
Wellchoose iftop
References
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}

cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N'}

Subscriptions

Wellchoose Iftop Organization Portal System
cve-icon MITRE

Status: PUBLISHED

Assigner: twcert

Published:

Updated: 2026-03-11T13:57:49.338Z

Reserved: 2026-03-09T03:01:59.348Z

Link: CVE-2026-3825

cve-icon Vulnrichment

Updated: 2026-03-11T13:57:45.314Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-11T07:16:59.967

Modified: 2026-03-17T19:27:35.493

Link: CVE-2026-3825

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-20T14:37:41Z

Weaknesses