Skip to main content

Medik M Web

3 CVEs product

Monthly

CVE-2026-8315 MEDIUM This Month

Stored cross-site scripting in Mediküm Web (by Webbeyaz Web Design) enables authenticated low-privilege attackers to persist malicious scripts that execute in the browsers of other users who view the affected pages. All versions through 08072026 are affected per the CVE scope, with the CVSS scope-change metric (S:C) confirming cross-boundary execution into victim browser sessions. Critically, the vendor has confirmed the product is no longer supported, meaning no patch will be issued - organizations still running this software have no vendor remediation path. No public exploit code or CISA KEV listing has been identified at time of analysis.

XSS Medik M Web
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2026-8310 MEDIUM This Month

Reflected XSS in Mediküm Web, a Turkish healthcare web application by Webbeyaz Web Design, enables unauthenticated remote attackers to inject and execute malicious scripts in victims' browsers by tricking them into visiting a crafted URL. All versions through 08072026 are affected with no patch available or forthcoming, as the vendor has confirmed the product is end-of-life and unsupported. No public exploit code or active exploitation has been identified at time of analysis, but the permanent unpatched status makes decommissioning the only definitive remediation.

XSS Medik M Web
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-8307 CRITICAL Act Now

SQL injection in Webbeyaz Web Design's Mediküm Web application (all versions through build 08072026) lets remote unauthenticated attackers inject arbitrary SQL commands, yielding full read/write control over the backend database. The CVSS 9.8 rating reflects network-reachable exploitation with no authentication or user interaction; no public exploit has been identified at time of analysis. Critically, the vendor confirmed to TR-CERT that the product is end-of-life and unsupported, so no fix will be issued.

SQLi Medik M Web
NVD VulDB
CVSS 3.1
9.8
EPSS
0.3%
EPSS 0% CVSS 5.4
MEDIUM This Month

Stored cross-site scripting in Mediküm Web (by Webbeyaz Web Design) enables authenticated low-privilege attackers to persist malicious scripts that execute in the browsers of other users who view the affected pages. All versions through 08072026 are affected per the CVE scope, with the CVSS scope-change metric (S:C) confirming cross-boundary execution into victim browser sessions. Critically, the vendor has confirmed the product is no longer supported, meaning no patch will be issued - organizations still running this software have no vendor remediation path. No public exploit code or CISA KEV listing has been identified at time of analysis.

XSS Medik M Web
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Reflected XSS in Mediküm Web, a Turkish healthcare web application by Webbeyaz Web Design, enables unauthenticated remote attackers to inject and execute malicious scripts in victims' browsers by tricking them into visiting a crafted URL. All versions through 08072026 are affected with no patch available or forthcoming, as the vendor has confirmed the product is end-of-life and unsupported. No public exploit code or active exploitation has been identified at time of analysis, but the permanent unpatched status makes decommissioning the only definitive remediation.

XSS Medik M Web
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

SQL injection in Webbeyaz Web Design's Mediküm Web application (all versions through build 08072026) lets remote unauthenticated attackers inject arbitrary SQL commands, yielding full read/write control over the backend database. The CVSS 9.8 rating reflects network-reachable exploitation with no authentication or user interaction; no public exploit has been identified at time of analysis. Critically, the vendor confirmed to TR-CERT that the product is end-of-life and unsupported, so no fix will be issued.

SQLi Medik M Web
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy