CVE-2025-0984

Published: May 6, 2025Modified: Jun 6, 2026Deferred

8.2

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L

Exploitability: 2.3 / Impact: 5.3

Source: iletisim@usom.gov.tr (Secondary)

Description

Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Netoloji Software E-Flow allows Accessing Functionality Not Properly Constrained by ACLs, Stored XSS, File Content Injection. This issue affects E-Flow: before 3.23.00.

Related CWEs

CWE-434

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (3)

https://netoloji.com/yazilim-surum-notlari/

Source: iletisim@usom.gov.tr

https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0102

Source: iletisim@usom.gov.tr

https://www.usom.gov.tr/bildirim/tr-25-0102

Source: iletisim@usom.gov.tr

Timeline

No history available yet.