Cross-Site Scripting Vulnerability in Dataprom Informatics PACS-ACSS
CVE-2025-4411

6.5MEDIUM

Key Information:

Vendor: Dataprom Informatics
Status: Pacs-acss
Vendor: CVE Published:; 23 July 2025

🔔 Create Dataprom Informatics Vulnerability Alert

What is CVE-2025-4411?

This vulnerability allows for improper neutralization of user input during web page generation, potentially enabling attackers to execute malicious scripts in the context of a user's session. Users of Dataprom Informatics PACS-ACSS versions prior to 16.05.2025 are particularly at risk, as the flaw permits cross-site scripting (XSS) attacks that can compromise the integrity and confidentiality of user data.

Affected Version(s)

PACS-ACSS 0 < 16.05.2025

References

https://www.usom.gov.tr/bildirim/tr-25-0171

third-party-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 23, 2025
Vulnerability Reserved
May 7, 2025

Credit

Berfim BABAYIGIT