
DernekWeb CVE-2026-7498

EUVD-2026-30759 | HIGH | CVSS 3.1: 8.8
Cross-site Scripting (XSS) (CWE-79)
2026-05-18 | TR-CERT | GHSA-cw64-mj5p-2vxf

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

1. Analysis Generated: May 18, 2026 - 09:31, vuln.today

Description (NVD)

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Basamak Information Technology Consulting and Organization Trade Ltd. Co. DernekWeb allows Stored XSS.

This issue affects DernekWeb: through 30122025.

Analysis (AI)

Stored cross-site scripting (XSS) in DernekWeb through version 30122025 enables attackers to inject persistent malicious scripts that execute when victims view affected pages. The vulnerability requires no authentication to exploit but does require user interaction (viewing the compromised page). …


Remediation (AI)

Within 24 hours: Identify all DernekWeb instances in production and inventory affected systems and user populations.

Within 7 days: Implement input validation and output encoding controls on user-facing pages; restrict administrative access to content management functions; enable the HttpOnly and Secure flags on session cookies; deploy Web Application Firewall (WAF) rules to detect and block script injection patterns targeting DernekWeb. …
