Skip to main content

Proticaret E Commerce

1 CVEs product

Monthly

CVE-2026-3953 HIGH This Week

Cross-site scripting in Gosoft Proticaret E-Commerce v5.0.0 through v6.0.1767.1383 allows remote attackers to execute arbitrary JavaScript in victim browsers via crafted HTTP requests. Despite the 8.8 CVSS score indicating complete compromise (High C/I/A), the CVSS vector reveals this is a reflected XSS requiring user interaction (UI:R), not a stored or blind XSS. The vulnerability is unscoped (S:U), meaning impact is confined to the vulnerable application. No active exploitation confirmed via CISA KEV and no public exploit code identified at time of analysis. TR-CERT advisory available with remediation guidance.

XSS Proticaret E Commerce
NVD
CVSS 3.1
8.8
EPSS
0.0%
EPSS 0% CVSS 8.8
HIGH This Week

Cross-site scripting in Gosoft Proticaret E-Commerce v5.0.0 through v6.0.1767.1383 allows remote attackers to execute arbitrary JavaScript in victim browsers via crafted HTTP requests. Despite the 8.8 CVSS score indicating complete compromise (High C/I/A), the CVSS vector reveals this is a reflected XSS requiring user interaction (UI:R), not a stored or blind XSS. The vulnerability is unscoped (S:U), meaning impact is confined to the vulnerable application. No active exploitation confirmed via CISA KEV and no public exploit code identified at time of analysis. TR-CERT advisory available with remediation guidance.

XSS Proticaret E Commerce
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy