Cross-Site Scripting Vulnerability in Proticaret E-Commerce by Gosoft Software Industry and Trade Ltd.
CVE-2026-3953

8.8 HIGH

What is CVE-2026-3953?

A Cross-Site Scripting (XSS) vulnerability exists in Proticaret E-Commerce by Gosoft Software Industry and Trade Ltd. Co. The flaw is caused by improper neutralization of user input during web page generation, which allows attackers to inject arbitrary scripts into web pages viewed by users. Affected versions are Proticaret E-Commerce from 5.0.0 up to, but not including, 6.0.1767.1383. The vulnerability can lead to session hijacking or to unauthorized actions carried out in the name of unsuspecting users. Anyone maintaining an affected version should apply the latest updates to mitigate the risk.

Affected Version(s)

Proticaret E-Commerce v5.0.0

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Ferit ÖZNER