Organization Portal System
CVE-2026-3825
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
2DescriptionCVE.org
IFTOP developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing authenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.
AnalysisAI
Reflected XSS in the Organization Portal System's IFTOP module enables authenticated attackers to inject malicious JavaScript that executes in victims' browsers via social engineering or phishing links. This vulnerability requires user interaction to trigger and affects confidentiality and integrity with no current patch available.
Technical ContextAI
Classified as CWE-79 (Cross-site Scripting (XSS)). IFTOP developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing authenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.
RemediationAI
Monitor vendor advisories for a patch. Implement output encoding and Content Security Policy headers. Restrict network access to the affected service where possible.
More in Organization Portal System
View allLFI to RCE in IFTOP by WellChoose.
Organization Portal System developed by WellChoose has a Local File Inclusion vulnerability, allowing unauthenticated re
Organization Portal System developed by WellChoose has an Arbitrary File Reading vulnerability, allowing unauthenticated
Organization Portal System developed by WellChoose has an Arbitrary File Reading vulnerability, allowing remote attacker
Organization Portal System developed by WellChoose has a SQL Injection vulnerability, allowing unauthenticated remote at
WellChoose's IFTOP Organization Portal System contains an open redirect vulnerability that permits authenticated attacke
Organization Portal System developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing unauthen
Organization Portal System developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing unauthen
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today