Skip to main content

Online Support Application

1 CVEs product

Monthly

CVE-2025-14320 CRITICAL Act Now

Remote code execution via reflected XSS in Tegsoft Online Support Application V3 through build 31122025 allows unauthenticated attackers to execute arbitrary JavaScript in victim browsers with full application privileges. Despite being classified as CWE-79 (XSS), the CVSS vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H indicates critical impact typically reserved for RCE vulnerabilities, suggesting severe exploitation potential beyond typical XSS. Reported by TR-CERT (Turkish national CERT) with advisory published at USOM, indicating regional significance. EPSS data not available; no CISA KEV listing or public POC identified at time of analysis.

XSS Online Support Application
NVD
CVSS 3.1
9.8
EPSS
0.0%
EPSS 0% CVSS 9.8
CRITICAL Act Now

Remote code execution via reflected XSS in Tegsoft Online Support Application V3 through build 31122025 allows unauthenticated attackers to execute arbitrary JavaScript in victim browsers with full application privileges. Despite being classified as CWE-79 (XSS), the CVSS vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H indicates critical impact typically reserved for RCE vulnerabilities, suggesting severe exploitation potential beyond typical XSS. Reported by TR-CERT (Turkish national CERT) with advisory published at USOM, indicating regional significance. EPSS data not available; no CISA KEV listing or public POC identified at time of analysis.

XSS Online Support Application
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy