Reflected Cross-site Scripting in WellChoose Organization Portal System
CVE-2025-8911

5.3MEDIUM

Key Information:

Vendor

Wellchoose

Status
Organization Portal System
Vendor
CVE Published:
13 August 2025

What is CVE-2025-8911?

The Organization Portal System by WellChoose contains a reflected cross-site scripting vulnerability. This flaw enables unauthenticated remote attackers to inject malicious JavaScript code into the browser of users through phishing techniques. When users interact with the compromised links, their browsers execute the arbitrary scripts, potentially compromising sensitive information and leading to various security risks. Organizations utilizing this system are urged to implement preventive measures to protect against such vulnerabilities.

Affected Version(s)

Organization Portal System 0

References

https://www.twcert.org.tw/tw/cp-132-10321-3cae5-1.html
third-party-advisory
https://www.twcert.org.tw/en/cp-139-10325-70192-2.html
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-8911 : Reflected Cross-site Scripting in WellChoose Organization Portal System