Çetin Bi̇ni̇ci̇

**Name of the Vulnerable Software and Affected Versions** BiEticaret CMS versions 2.1.13 through 19022026 **Description** A flaw exists in Inrove Software and Internet Services BiEticaret CMS that allows for authentication bypass through an Execution After Redirect (EAR) and missing authentication for a critical function. This allows an attacker to bypass authentication checks via HTTP response splitting. **Recommendations** Update BiEticaret CMS to a version newer than 19022026.

**Name of the Vulnerable Software and Affected Versions** Key Software Solutions Inc. INFOREX- General Information Management System versions 2025 through 18022026 **Description** A flaw exists in Key Software Solutions Inc. INFOREX- General Information Management System that allows for Cross-site Scripting (XSS) through HTTP Headers. This issue arises from improper neutralization of input during web page generation. The `HTTP Headers` are susceptible to malicious input, potentially enabling an attacker to inject scripts. **Recommendations** Update to a version after 18022026.

**Name of the Vulnerable Software and Affected Versions** EKA Software Real Estate Script versions through 17022026 **Description** The software contains an Improper Neutralization of Input During Web Page Generation issue, also known as Cross-Site Scripting (XSS). This allows for the execution of malicious scripts within the application. The vendor was contacted regarding this issue but did not respond. **Recommendations** Update to a version later than 17022026.

**Name of the Vulnerable Software and Affected Versions** Tumeva News Software versions through 17022026 **Description** The software contains a SQL Injection issue due to improper neutralization of special elements used in an SQL command. This allows for potential data exposure through attacks. The vendor was contacted regarding this issue but did not respond. **Recommendations** Versions prior to 17022026 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sarman Soft CMS versions through 10022026 **Description** The software contains an Execution After Redirect (EAR) issue that allows for JSON Hijacking, also known as JavaScript Hijacking, and Authentication Bypass. This flaw occurs due to improper handling of redirects, potentially leading to unauthorized access or actions. The vulnerability affects the CMS component. **Recommendations** Versions through 10022026 should be updated when a fix becomes available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zirve Information Technologies Inc. E-Taxpayer Accounting Website versions through 07082025 **Description** The E-Taxpayer Accounting Website contains a flaw due to improper neutralization of input during web page generation, leading to a Reflected Cross-site Scripting (XSS) condition. This allows for the execution of malicious scripts within the context of a user's browser. The issue impacts the web application and could potentially allow an attacker to inject malicious code. **Recommendations** Versions through 07082025 should be updated or patched as soon as possible.

**Name of the Vulnerable Software and Affected Versions** Ofisimo Web-Based Software Technologies Association Web Package Flora versions 3.0 through 03022026 **Description** The software contains a flaw related to improper input handling during web page generation, potentially leading to Cross-site Scripting (XSS). This issue occurs through manipulation of HTTP headers. The vendor was contacted regarding this issue but did not provide a response. **Recommendations** Versions prior to 3.0 and after 03022026 are not affected. Versions 3.0 through 03022026 should be updated when a patch becomes available.

**Name of the Vulnerable Software and Affected Versions** Global Interactive Design Media Software Inc. Content Management System (CMS) versions through 21072025 **Description** A flaw exists in Global Interactive Design Media Software Inc. Content Management System (CMS) that allows Command Line Execution through SQL Injection due to improper neutralization of special elements used in an SQL command. The issue is a SQL Injection. **Recommendations** Versions through 21072025 require attention to address the SQL Injection flaw and prevent potential Command Line Execution.

**Name of the Vulnerable Software and Affected Versions** Global Interactive Design Media Software Inc. Content Management System (CMS) versions through 21072025 **Description** A flaw exists in Global Interactive Design Media Software Inc. Content Management System (CMS) related to improper input neutralization during web page generation, potentially leading to Cross-site Scripting (XSS). This issue occurs through HTTP Headers. **Recommendations** Versions through 21072025 should be updated to a version that addresses this issue.

**Name of the Vulnerable Software and Affected Versions** Saysis Computer Systems Trade Ltd. Co. StarCities E-Municipality Management versions prior to 20250825 **Description** The software contains an Improper Neutralization of Input During Web Page Generation, which allows for Cross-Site Scripting (XSS). **Recommendations** Update to a version prior to 20250825.