CVE-2025-7799

8.6 HIGH

Published 2026-02-09 · Modified 2026-02-09 · Awaiting Analysis

Quick Summary

A security flaw in the Zirve E-Taxpayer Accounting Website allows attackers to inject malicious scripts into web pages. This matters because it can compromise user sessions and steal sensitive data.

Who is affected

Users of the E-Taxpayer Accounting Website through version 07082025 are affected. An attacker could trick a user into clicking a malicious link, leading to session hijacking or theft of login credentials.

Recommended fix

Immediately update the E-Taxpayer Accounting Website to a version released after 07082025. If an update is not available, implement strict input validation and output encoding for all user-supplied data.

Technical Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Zirve Information Technologies Inc. E-Taxpayer Accounting Website allows Reflected XSS. This issue affects e-Taxpayer Accounting Website: through 07082025.

CVSS Details

Attack Vector: NETWORK

Complexity: LOW

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

CWE

CWE-79
