Online Support Application
Monthly
Remote code execution via reflected XSS in Tegsoft Online Support Application V3 through build 31122025 allows unauthenticated attackers to execute arbitrary JavaScript in victim browsers with full application privileges. Despite being classified as CWE-79 (XSS), the CVSS vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H indicates critical impact typically reserved for RCE vulnerabilities, suggesting severe exploitation potential beyond typical XSS. Reported by TR-CERT (Turkish national CERT) with advisory published at USOM, indicating regional significance. EPSS data not available; no CISA KEV listing or public POC identified at time of analysis.
Remote code execution via reflected XSS in Tegsoft Online Support Application V3 through build 31122025 allows unauthenticated attackers to execute arbitrary JavaScript in victim browsers with full application privileges. Despite being classified as CWE-79 (XSS), the CVSS vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H indicates critical impact typically reserved for RCE vulnerabilities, suggesting severe exploitation potential beyond typical XSS. Reported by TR-CERT (Turkish national CERT) with advisory published at USOM, indicating regional significance. EPSS data not available; no CISA KEV listing or public POC identified at time of analysis.