Description
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Basamak Information Technology Consulting and Organization Trade Ltd. Co. DernekWeb allows Stored XSS.

This issue affects DernekWeb: through 30122025.
Published: 2026-05-18
Score: 8.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An attacker can inject malicious scripts into DernekWeb through an improperly neutralized input field. The payload is stored in the application database and later rendered within the web pages of the application, allowing the attacker to execute arbitrary scripts in the browsers of users who view the affected content. This vulnerability can lead to session hijacking, credential theft, or defacement of the site.

Affected Systems

DernekWeb, a product of Basamak Information Technology Consulting and Organization Trade Ltd. Co., is vulnerable in all releases up to and including version 30122025.

Risk and Exploitability

The flaw carries a CVSS score of 8.8, indicating a high severity. No EPSS score is publicly available, and it is not listed in the CISA KEV catalog. The likely attack vector is via web forms or other mechanisms that allow users to submit content that is later displayed to others without proper encoding. Exploitation requires the ability to submit data that the application stores and renders, and a victim who views the stored content will receive the malicious script.

Generated by OpenCVE AI on May 18, 2026 at 10:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update DernekWeb to the latest release that resolves the stored XSS flaw.
  • If no patch is yet available, disable or restrict any features that accept untrusted content and configure the application to apply strict HTML output encoding to all user‑supplied data.
  • Implement server‑side input validation and output encoding for all remaining user‑generated content paths to eliminate the possibility of XSS injection.

Advisories

No advisories yet.

History

Mon, 18 May 2026 11:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Basamak; Basamak dernekweb
Vendors & Products | | Basamak; Basamak dernekweb

Mon, 18 May 2026 09:00:00 +0000

Type | Values Removed | Values Added
Description | | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Basamak Information Technology Consulting and Organization Trade Ltd. Co. DernekWeb allows Stored XSS. This issue affects DernekWeb: through 30122025.
Title | | Stored XSS in Basamak Informatics' DernekWeb
Weaknesses | | CWE-79
References | |
Metrics | | cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: TR-CERT

Published:

Updated: 2026-05-18T08:54:55.072Z

Reserved: 2026-04-30T13:42:57.679Z

Link: CVE-2026-7498

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-18T09:16:24.460

Modified: 2026-05-18T09:16:24.460

Link: CVE-2026-7498

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-18T10:48:49Z

Weaknesses