XSS in Mevzuattr Software's MevzuatTR

Summary

CVE	CVE-2025-0546
State	PUBLISHED
Assigner	TR-CERT
Source Priority	CVE Program / NVD first with legacy fallback
Published	2025-09-17 12:15:37 UTC
Updated	2026-06-06 08:16:46 UTC
Description	Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Restriction of Rendered UI Layers or Frames vulnerability in Mevzuattr Software MevzuatTR allows Phishing, iFrame Overlay, Clickjacking, Forceful Browsing. This issue needs high privileges. This issue affects MevzuatTR: before 12.02.2025.

Risk And Classification

Primary CVSS: v3.1 4.7 MEDIUM from [email protected]

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Problem Types: CWE-79 | CWE-1021 | CWE-79 CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') | CWE-1021 CWE-1021 Improper Restriction of Rendered UI Layers or Frames

Version	Source	Type	Score	Severity	Vector
3.1	[email protected]	Secondary	4.7	MEDIUM	`CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L`
3.1	CNA	CVSS	4.7	MEDIUM	`CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L`

CVSS v3.1 Breakdown

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Vendor Declared Affected Products

Source	Vendor	Product	Version	Platforms
CNA	Mevzuattr Software	MevzuatTR	affected 12.02.2025 custom	Not specified

References

Reference	Source	Link	Tags
siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0269	[email protected]	siberguvenlik.gov.tr
www.usom.gov.tr/bildirim/tr-25-0269	[email protected]	www.usom.gov.tr
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

Vendor Comments And Credit

Discovery Credit

CNA: Berat Arslan (en)

There are currently no legacy QID mappings associated with this CVE.