CVE-2026-3953 - Vulnerability Analysis
HighCVSS: 8.8Last Updated: May 7, 2026
Gosoft Proticaret E-Commerce - Reflected XSS
Published: May 7, 2026Updated: May 7, 2026Remote Exploitable
Overview
Gosoft Software Industry and Trade Ltd. Co. Proticaret E-Commerce from v5.0.0 before V 6.0.1767.1383 contains a reflected XSS caused by improper neutralization of input during web page generation, letting attackers execute scripts in users' browsers, exploit requires crafted input.
Severity & Score
Severity: High
CVSS Score: 8.8
Impact
Attackers can execute scripts in users' browsers, potentially stealing session data or performing actions on behalf of users.
Mitigation
Update to version 6.0.1767.1383 or later.
Related Resources
Details
- CVE ID
- CVE-2026-3953
- Severity
- High
- CVSS Score
- 8.8
- Type
- reflected_xss
- Status
- rejected
CWE
- CWE-79
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H