Cross-Site Scripting Vulnerability in Horato Internet Technologies Virtual Library Platform
CVE-2025-9035

5.4MEDIUM

Key Information:

Vendor

Horato Internet Technologies Ind. And Trade Inc.

Status
Virtual Library Platform
Vendor
CVE Published:
22 September 2025

What is CVE-2025-9035?

A Cross-Site Scripting (XSS) vulnerability in the Virtual Library Platform by Horato Internet Technologies Ind. and Trade Inc. permits attackers to inject malicious scripts into web pages viewed by users. This flaw affects versions prior to v202, leading to potential exploitation where crafted URLs could result in unvalidated user input being executed in the browser. Consequently, this may allow an attacker to steal session cookies, redirect users to malicious sites, and perform unauthorized actions on behalf of the user.

Affected Version(s)

Virtual Library Platform 0

References

https://www.usom.gov.tr/bildirim/tr-25-0284

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Yusuf Tayip YILDIRIM
.
CVE-2025-9035 : Cross-Site Scripting Vulnerability in Horato Internet Technologies Virtual Library Platform