{"resultsPerPage":20,"startIndex":0,"totalResults":20,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-21T16:25:30.578","vulnerabilities":[{"cve":{"id":"CVE-2023-4832","sourceIdentifier":"iletisim@usom.gov.tr","published":"2023-09-14T18:15:09.477","lastModified":"2026-05-21T09:16:25.267","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aceka Company Management allows SQL Injection.\n\nThis issue affects Company Management: before 3072 ."},{"lang":"es","value":"Vulnerabilidad de Neutralización Inadecuada de Elementos Especiales utilizados en un Comando SQL (\"Inyección SQL\") en Aceka Company Management permite la inyección SQL. Este problema afecta a Company Management: antes de la versión 3072."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:acekaholding:company_management:*:*:*:*:*:*:*:*","versionEndExcluding":"3072","matchCriteriaId":"2E2DF8C2-21B2-49CD-97F7-C73D045BA1F5"}]}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0523","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0523","source":"iletisim@usom.gov.tr","tags":["Third Party Advisory"]},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0523","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-4766","sourceIdentifier":"iletisim@usom.gov.tr","published":"2023-09-14T19:16:51.113","lastModified":"2026-05-21T09:16:25.020","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Movus allows SQL Injection.\n\nThis issue affects Movus: before 20230913."},{"lang":"es","value":"Vulnerabilidad de Neutralización Inadecuada de Elementos Especiales utilizados en un Comando SQL ('Inyección SQL') en Movus permite la inyección SQL. Este problema afecta a Movus: antes de 20230913."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:movus:movus:*:*:*:*:*:*:*:*","versionEndExcluding":"20230913","matchCriteriaId":"06FB5C31-C7DB-45A5-AF60-0B28E725A3CA"}]}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0524","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0524","source":"iletisim@usom.gov.tr","tags":["Third Party Advisory"]},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0524","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-4676","sourceIdentifier":"iletisim@usom.gov.tr","published":"2023-09-14T20:15:11.923","lastModified":"2026-05-21T09:16:24.583","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yordam MedasPro allows Reflected XSS.\n\nThis issue affects MedasPro: before 28."},{"lang":"es","value":"La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('Cross-site Scripting') en Yordam MedasPro permite XSS reflejado. Este problema afecta a MedasPro: antes de 28."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:yordam:medaspro:*:*:*:*:*:*:*:*","versionEndExcluding":"28","matchCriteriaId":"439C527B-B9BC-4E28-AA91-6B7095E39651"}]}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0527","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0527","source":"iletisim@usom.gov.tr","tags":["Third Party Advisory"]},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0527","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-4702","sourceIdentifier":"iletisim@usom.gov.tr","published":"2023-09-14T20:15:12.373","lastModified":"2026-05-21T09:16:24.713","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Authentication Bypass Using an Alternate Path or Channel vulnerability in Yepas Digital Yepas allows Authentication Bypass.\n\nThis issue affects Digital Yepas: before 1.0.1."},{"lang":"es","value":"Vulnerabilidad de Omisión de Autenticación usando un Canal o Ruta Alternativa en Yepas Digital Yepas permite la omisión de autenticación. Este problema afecta a Digital Yepas: anteriores a 1.0.1."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-288"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:yepas:digital_yepas:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0.1","matchCriteriaId":"5BE3506D-F955-4B85-B23E-F1D9B9669955"}]}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0526","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0526","source":"iletisim@usom.gov.tr","tags":["Third Party Advisory"]},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0526","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-4972","sourceIdentifier":"iletisim@usom.gov.tr","published":"2023-09-14T20:15:13.403","lastModified":"2026-05-21T09:16:25.780","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Incorrect Use of Privileged APIs vulnerability in Yepas Digital Yepas allows Collect Data as Provided by Users.\n\nThis issue affects Digital Yepas: before 1.0.1."},{"lang":"es","value":"Vulnerabilidad de gestión de privilegios inadecuada en Yepas Digital Yepas permite recopilar datos proporcionados por los usuarios. Este problema afecta ."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-648"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:yepas:digital_yepas:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0.1","matchCriteriaId":"5BE3506D-F955-4B85-B23E-F1D9B9669955"}]}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0526","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0526","source":"iletisim@usom.gov.tr","tags":["Third Party Advisory"]},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0526","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-4673","sourceIdentifier":"iletisim@usom.gov.tr","published":"2023-09-15T06:15:08.140","lastModified":"2026-05-21T09:16:24.173","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sanalogy Turasistan allows SQL Injection.\n\nThis issue affects Turasistan: before 20230911 ."},{"lang":"es","value":"La Neutralización Inadecuada de Elementos Especiales utilizados en una vulnerabilidad de comando SQL ('inyección SQL') en Sanalogy Turasistan permite la inyección SQL. Este problema afecta a Turasistan: antes de la versión 20230911."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sanalogi:turasistan:*:*:*:*:*:*:*:*","versionEndExcluding":"20230911","matchCriteriaId":"A05E46E5-8A42-4F53-B20D-E4B7E8FB16BC"}]}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0528","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0528","source":"iletisim@usom.gov.tr","tags":["Third Party Advisory"]},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0528","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-4830","sourceIdentifier":"iletisim@usom.gov.tr","published":"2023-09-15T06:15:08.287","lastModified":"2026-05-21T09:16:25.147","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tura Signalix allows SQL Injection.\n\nThis issue affects Signalix: 7T_0228."},{"lang":"es","value":"La Neutralización Inadecuada de Elementos Especiales utilizados en una vulnerabilidad de comando SQL ('inyección SQL') en Tura Signalix permite la inyección SQL. Este problema afecta a Signalix: versión 7T_0228."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:turaconsulting:signalix:7t_0228:*:*:*:*:*:*:*","matchCriteriaId":"43BC1EB4-1C85-4DF9-BCB9-42E1B00FCCA8"}]}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0529","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0529","source":"iletisim@usom.gov.tr","tags":["Third Party Advisory"]},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0529","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-4670","sourceIdentifier":"iletisim@usom.gov.tr","published":"2023-09-15T08:15:08.063","lastModified":"2026-05-21T10:16:23.617","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Innosa Probbys allows SQL Injection.\n\nThis issue affects Probbys: before 2."},{"lang":"es","value":"La neutralización inadecuada de Elementos Especiales utilizados en una vulnerabilidad de comando SQL ('inyección SQL') en Innosa Probbys permite la inyección SQL. Este problema afecta a Probbys: antes de la versión 2."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:innosa_probbys_project:innosa_probbys:*:*:*:*:*:*:*:*","versionEndExcluding":"2","matchCriteriaId":"BD7E053C-D1F9-41F8-B138-4F341EC26FDE"}]}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0531","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0531","source":"iletisim@usom.gov.tr","tags":["Third Party Advisory"]},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0531","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-4833","sourceIdentifier":"iletisim@usom.gov.tr","published":"2023-09-15T09:15:08.423","lastModified":"2026-05-21T09:16:25.397","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Besttem Network Marketing Software allows SQL Injection.\n\nThis issue affects Network Marketing Software: before 1.0.2309.6."},{"lang":"es","value":"La neutralización inadecuada de Elementos Especiales utilizados en una vulnerabilidad de comando SQL (\"Inyección SQL\") en Besttem Network Marketing Software permite la inyección SQL. Este problema afecta al Network Marketing Software: antes de la versión 1.0.2309.6."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:besttem_network_marketing_project:besttem_network_marketing:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0.2309.6","matchCriteriaId":"603ED223-AED1-4892-B7D6-23B2859B67F0"}]}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0534","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0534","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0533","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-4835","sourceIdentifier":"iletisim@usom.gov.tr","published":"2023-09-15T09:15:08.607","lastModified":"2026-05-21T09:16:25.533","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CF Software Oil Management Software allows SQL Injection.\n\nThis issue affects Oil Management Software: before 20230912 ."},{"lang":"es","value":"Neutralización inadecuada de Elementos Especiales utilizados en una vulnerabilidad de comando SQL (\"Inyección SQL\") en CF Software Oil Management Software permite la inyección SQL. Este problema afecta al Oil Management Software: antes de 20230912."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:petroleum_management_software_application_project:petroleum_management_software_application:*:*:*:*:*:*:*:*","versionEndExcluding":"20230912","matchCriteriaId":"4895F736-517B-41B3-8059-CC86D9F76397"}]}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0533","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0533","source":"iletisim@usom.gov.tr","tags":["Third Party Advisory"]},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0533","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-4737","sourceIdentifier":"iletisim@usom.gov.tr","published":"2023-09-27T15:19:40.993","lastModified":"2026-05-21T09:16:24.863","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hedef Tracking Admin Panel allows SQL Injection.\n\nThis issue affects Admin Panel: before 1.2."},{"lang":"es","value":"La Neutralización Inadecuada de Elementos Especiales utilizados en una vulnerabilidad de Comando SQL (\"Inyección SQL\") en el Panel de administración de Hedef Tracking permite la inyección de SQL. Este problema afecta a Admin Panel: versiones anteriores a 1.2."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hedeftakip:admin_portal:*:*:*:*:*:*:*:*","versionEndExcluding":"1.2","matchCriteriaId":"63331148-812A-40A0-B128-4C7287DDFF2F"}]}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0559","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0559","source":"iletisim@usom.gov.tr","tags":["Third Party Advisory"]},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0559","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-4934","sourceIdentifier":"iletisim@usom.gov.tr","published":"2023-09-27T15:19:41.477","lastModified":"2026-05-21T09:16:25.657","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Authorization Bypass Through User-Controlled Key vulnerability in Usta AYBS allows Authentication Abuse, Authentication Bypass.\n\nThis issue affects AYBS: before 1.0.3."},{"lang":"es","value":"La vulnerabilidad de Omisión de Autorización a través de Clave Controlada por el Usuario en Usta AYBS permite el Abuso de Autenticación, Omisión de Autenticación. Este problema afecta a AYBS: antes de la versión 1.0.3."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:usta:aybs:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0.3","matchCriteriaId":"3C1B94C4-FE94-4C2A-AE7D-02DBD23A95D5"}]}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0558","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0558","source":"iletisim@usom.gov.tr","tags":["Third Party Advisory"]},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0558","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-5045","sourceIdentifier":"iletisim@usom.gov.tr","published":"2023-10-12T12:15:10.777","lastModified":"2026-05-21T09:16:25.900","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Kayisi allows SQL Injection, Command Line Execution through SQL Injection.\n\nThis issue affects Kayisi: before 1286."},{"lang":"es","value":"Neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL (\"Inyección SQL\") en Biltay Technology Kayisi permite la inyección SQL y la ejecución de línea de comando mediante inyección SQL. Este problema afecta a Kayisi: antes de 1286."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:biltay:kayisi:*:*:*:*:*:*:*:*","versionEndExcluding":"1286","matchCriteriaId":"78A3C75C-96BD-41E6-A98A-6DCF8D8F5774"}]}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0580","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0580","source":"iletisim@usom.gov.tr","tags":["Third Party Advisory"]},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0580","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-5046","sourceIdentifier":"iletisim@usom.gov.tr","published":"2023-10-12T12:15:10.867","lastModified":"2026-05-21T09:16:26.040","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Procost allows SQL Injection, Command Line Execution through SQL Injection.\n\nThis issue affects Procost: before 1390."},{"lang":"es","value":"La neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyección SQL') en Biltay Technology Procost permite la inyección SQL y la ejecución de línea de comando mediante inyección SQL. Este problema afecta a Procost: antes de 1390."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:biltay:procost:*:*:*:*:*:*:*:*","versionEndExcluding":"1390","matchCriteriaId":"76B37521-C44A-4B79-894A-30B7A2721D05"}]}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0581","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0581","source":"iletisim@usom.gov.tr","tags":["Third Party Advisory"]},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0581","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-5047","sourceIdentifier":"iletisim@usom.gov.tr","published":"2023-11-22T12:15:22.587","lastModified":"2026-05-21T09:16:26.160","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in DRD Fleet Leasing DRDrive allows SQL Injection.\n\nThis issue affects DRDrive: before 20231006."},{"lang":"es","value":"Neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL (\"Inyección SQL\") en DRD Fleet Leasing DRDrive permite la inyección SQL. Este problema afecta a DRDrive: antes de 20231006."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:drd:drdrive:*:*:*:*:*:*:*:*","versionEndExcluding":"2023.10.06","matchCriteriaId":"509E5AD3-E090-4E8B-B04A-1C97BCC78853"}]}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0651","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0651","source":"iletisim@usom.gov.tr","tags":["Third Party Advisory"]},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0651","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-4671","sourceIdentifier":"iletisim@usom.gov.tr","published":"2023-12-28T10:15:08.043","lastModified":"2026-05-21T09:16:23.900","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Talent Software ECOP allows Command Line Execution through SQL Injection.\n\nThis issue affects ECOP: before 32255."},{"lang":"es","value":"Vulnerabilidad de neutralización inadecuada de elementos especiales utilizados en un comando SQL ('inyección SQL') en Talent Software ECOP permite la ejecución de línea de comando mediante inyección SQL. Este problema afecta a ECOP: anterior a 32255."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:talentyazilim:ecop:32255:*:*:*:*:*:*:*","matchCriteriaId":"18D6BFC2-47CC-491A-A319-88CBBCC5FF7B"}]}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0737","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0737","source":"iletisim@usom.gov.tr","tags":["Third Party Advisory"]},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0737","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-4672","sourceIdentifier":"iletisim@usom.gov.tr","published":"2023-12-28T10:15:08.423","lastModified":"2026-05-21T09:16:24.047","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Talent Software ECOP allows Reflected XSS.\n\nThis issue affects ECOP: before 32255."},{"lang":"es","value":"Vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web ('cross-site Scripting') en Talent Software ECOP permite XSS reflejado. Este problema afecta a ECOP: anterior a 32255."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:talentyazilim:ecop:32255:*:*:*:*:*:*:*","matchCriteriaId":"18D6BFC2-47CC-491A-A319-88CBBCC5FF7B"}]}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0737","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0737","source":"iletisim@usom.gov.tr","tags":["Third Party Advisory"]},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0737","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-4674","sourceIdentifier":"iletisim@usom.gov.tr","published":"2023-12-29T15:15:09.497","lastModified":"2026-05-21T09:16:24.320","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yaztek Software Technologies and Computer Systems E-Commerce Software allows SQL Injection.\n\nThis issue affects E-Commerce Software: through 20231229. \n\nNOTE: The vendor was contacted early about this disclosure but did not respond in any way."},{"lang":"es","value":"Neutralización incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL (\"Inyección SQL\") en Yaztek Software Technologies and Computer Systems E-Commerce Software. El software de comercio electrónico permite la inyección de SQL. Este problema afecta a E-Commerce Software: hasta 20231229. NOTA: Se contactó primeramente al proveedor sobre esta divulgación, pero no respondió de nignuna forma."}],"metrics":{},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:yaztekteknoloji:e-commerce:*:*:*:*:*:wordpress:*:*","versionEndIncluding":"20231229","matchCriteriaId":"4CC1C6D0-8710-4F69-8FB9-0620CBC2ED92"}]}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0741","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0741","source":"iletisim@usom.gov.tr","tags":["Third Party Advisory"]},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0741","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-4675","sourceIdentifier":"iletisim@usom.gov.tr","published":"2023-12-29T15:15:09.717","lastModified":"2026-05-21T09:16:24.457","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GM Information Technologies MDO allows SQL Injection.\n\nThis issue affects MDO: through 20231229. \n\nNOTE: The vendor was contacted early about this disclosure but did not respond in any way."},{"lang":"es","value":"La neutralización incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyección SQL') en GM Information Technologies MDO permite la inyección SQL. Este problema afecta a MDO: hasta 20231229. NOTA: Se contactó primeramente al proveedor sobre esta divulgación, pero no respondió de nignuna forma."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gmbilisim:multi-disciplinary_design_optimization:*:*:*:*:*:*:*:*","versionEndIncluding":"20231229","matchCriteriaId":"D3919C06-3341-4EB3-95EB-2DCD0E8DD95A"}]}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0742","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0742","source":"iletisim@usom.gov.tr","tags":["Third Party Advisory"]},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0742","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2025-67972","sourceIdentifier":"audit@patchstack.com","published":"2026-02-20T16:22:03.430","lastModified":"2026-05-21T09:16:26.320","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Authorization vulnerability in Zoho Mail Zoho ZeptoMail allows Exploiting Incorrectly Configured Access Control Security Levels.\n\nThis issue affects Zoho ZeptoMail: from n/a through 3.2.9."},{"lang":"es","value":"Neutralización Incorrecta de la Entrada Durante la Generación de Páginas Web ('cross-site scripting') vulnerabilidad en fox-themes Prague prague-plugins permite XSS Reflejado. Este problema afecta a Prague: desde n/d hasta &lt;= 2.2.8."}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/transmail/vulnerability/wordpress-zoho-zeptomail-plugin-3-2-9-broken-access-control-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}}]}