Description
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Raera - Ankara Web Design and Digital Advertising Agency Destekz allows Reflected XSS.

This issue affects Destekz: through 02062026. NOTE: The vendor was contacted and it was learned that the product is not supported.
Published: 2026-07-03
Score: 6.1 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Raera’s Destekz product does not properly neutralize input during web page generation, resulting in a reflected Cross‑Site Scripting (XSS) flaw. An attacker can craft a malicious URL that, when a user visits it, executes arbitrary JavaScript in the victim’s browser. The impact is limited to the victim’s session, in which the attacker can steal credentials, perform phishing, or deface the page. The weakness is classified as CWE‑79.

Affected Systems

The vulnerability is present in all releases of Destekz up to 02062026. The vendor has confirmed the product is no longer supported and no patch will be released.

Risk and Exploitability

The CVSS score of 6.1 places the flaw in the Medium severity range. EPSS is not available and the vulnerability is not listed in CISA’s KEV catalog, suggesting no widespread exploitation yet. Because the flaw is reflected XSS, an attacker only needs to lure a victim to a crafted link or form; no server‑side compromise is required. Given the lack of an official fix, the risk persists until the application is removed or additional controls mitigate it.

Generated by OpenCVE AI on July 3, 2026 at 17:16 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Deploy a web application firewall to filter out malicious XSS payloads before they reach the application
  • Implement comprehensive input validation and output encoding in Destekz to prevent reflected XSS
  • If feasible, disable or remove the vulnerable component, or migrate the service to a supported, secure solution


Advisories

No advisories yet.

History

Fri, 03 Jul 2026 10:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Raera - Ankara Web Design and Digital Advertising Agency Destekz allows Reflected XSS. This issue affects Destekz: through 02062026. NOTE: The vendor was contacted and it was learned that the product is not supported. |
| Title | | XSS in Raera's Destekz |
| Weaknesses | | CWE-79 |
| References | | |
| Metrics | | cvssV3_1 {'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'} |


MITRE

Status: PUBLISHED

Assigner: TR-CERT

Published:

Updated: 2026-07-03T08:58:08.339Z

Reserved: 2026-03-17T12:19:47.203Z

Link: CVE-2026-4322

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-03T17:30:15Z

Weaknesses
  • CWE-79

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')