CVE-2025-11950

Опубликовано: 27 фев. 2026

Источник: nvd

CVSS3: 6.3

CVSS3: 6.1

EPSS Низкий

Описание

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in KNOWHY Advanced Technology Trading Ltd. Co. EduAsist allows Reflected XSS.

This issue affects EduAsist: before v2.1.

Ссылки

https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0086
https://www.usom.gov.tr/bildirim/tr-26-0086
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:eduasist:eduasist:*:*:*:*:*:*:*:*

Версия до 27022026 (включая)

EPSS

Процентиль: 9%

0.00194

Низкий

6.3 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-99wh-hc39-j65q

CVSS3: 6.3

github

4 месяца назад

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in KNOWHY Advanced Technology Trading Ltd. Co. EduAsist allows Reflected XSS.This issue affects EduAsist: through 27022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

EPSS

Процентиль: 9%

0.00194

Низкий

6.3 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79