CVE-2025-0546

MEDIUM 4.7

XSS in Mevzuattr Software's MevzuatTR

CVSS Score

4.7

EPSS Score

0.1%

EPSS Percentile

18th

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Restriction of Rendered UI Layers or Frames vulnerability in Mevzuattr Software MevzuatTR allows Phishing, iFrame Overlay, Clickjacking, Forceful Browsing. This issue needs high privileges. This issue affects MevzuatTR: before 12.02.2025.

CWE	CWE-79 CWE-1021
Vendor	mevzuattr software
Product	mevzuattr
Published	Sep 17, 2025
Last Updated	Jun 6, 2026

Stay Ahead of the Next One

Get instant alerts for mevzuattr software mevzuattr

Be the first to know when new medium vulnerabilities affecting mevzuattr software mevzuattr are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

Affected Versions

Mevzuattr Software / MevzuatTR

0 < 12.02.2025

References

NVD ↗ CVE.org ↗ EPSS Data ↗

usom.gov.tr: https://www.usom.gov.tr/bildirim/tr-25-0269 siberguvenlik.gov.tr: https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0269

Credits

Berat Arslan