Reflected XSS Vulnerability in Tegsoft Online Support Application
CVE-2025-14320

9.8CRITICAL

Key Information:

Vendor: Tegsoft Management And Information Services Trade Limited Company
Status: Online Support Application
Vendor: CVE Published:; 4 May 2026

🔔 Create Tegsoft Management And Information Services Trade Limited Company Vulnerability Alert

What is CVE-2025-14320?

An improper neutralization of user input in the Tegsoft Online Support Application exposes the system to reflected cross-site scripting (XSS) attacks. This vulnerability allows malicious actors to inject harmful scripts into the web pages, compromising user data and potentially leading to unauthorized actions on the part of users. The affected versions range from V3, with implications lasting until December 31, 2025. Organizations using this application should implement immediate measures to protect against potential exploitation.

Affected Version(s)

Online Support Application V3 <= 31122025

References

https://www.usom.gov.tr/bildirim/tr-26-0142

third-party-advisory

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 4, 2026
Vulnerability Reserved
Dec 9, 2025

Credit

Selay YURDAGÜL

CVE-2025-14320 Data

JSON