Cross-Site Scripting Vulnerability in Proliz Student Affairs Information System
CVE-2025-10467

8.9HIGH

Key Information:

Vendor: Proliz Computer Software Hardware Service Trade Ltd. Co.
Status: Obs (student Affairs Information System)
Vendor: CVE Published:; 25 September 2025

🔔 Create Proliz Computer Software Hardware Service Trade Ltd. Co. Vulnerability Alert

What is CVE-2025-10467?

An improper handling of user input during web page generation in Proliz's OBS (Student Affairs Information System) prior to version 25.0401 leads to vulnerabilities that enable stored cross-site scripting (XSS) attacks. Attackers can exploit this vulnerability to inject malicious scripts that may be executed in the browsers of users who access compromised pages, potentially leading to unauthorized data access and other security risks.

Affected Version(s)

OBS (Student Affairs Information System) 0

References

https://www.usom.gov.tr/bildirim/tr-25-0298

CVSS V3.1

Score:

8.9

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 25, 2025
Vulnerability Reserved
Sep 15, 2025

Credit

Emre Akay

JSON