Berat Arslan

**Name of the Vulnerable Software and Affected Versions** E-Commerce Website versions prior to 4.5.001 **Description** Improper neutralization of special elements used in an SQL command allows Blind SQL Injection. This occurs when the application fails to properly sanitize user-supplied data before incorporating it into a database query, enabling an attacker to infer sensitive information by observing the application's response to specific queries. **Recommendations** Update to version 4.5.001.

**Name of the Vulnerable Software and Affected Versions** Talentics versions through 20022026 **Description** A flaw exists in Talentics that allows for Blind SQL Injection due to improper neutralization of special elements used in an SQL command. The vendor was contacted regarding this issue but did not respond. **Recommendations** Versions through 20022026 should be updated when a fix becomes available.

**Name of the Vulnerable Software and Affected Versions** Farktor Software E-Commerce Services Inc. E-Commerce Package versions through 27112025 **Description** An Improper Neutralization of Input During Web Page Generation issue exists in Farktor Software E-Commerce Services Inc. E-Commerce Package, allowing for Cross-Site Scripting (XSS). This allows attackers to inject malicious scripts into web pages viewed by other users. XSS occurs when a web application accepts user-supplied data and includes it in a web page without properly validating or encoding it. This can lead to the execution of arbitrary JavaScript code in the context of the user's browser. **Recommendations** Versions through 27112025 should be updated or patched to address this issue.

**Name of the Vulnerable Software and Affected Versions** Farktor Software E-Commerce Package versions through 27112025 **Description** The software contains an improper neutralization of special elements used in an SQL command, leading to a Blind SQL Injection issue. This allows for potential unauthorized access to or modification of data within the database. **Recommendations** Versions prior to 27112025 should be updated.

**Name of the Vulnerable Software and Affected Versions** Farktor Software E-Commerce Package versions through 27112025 **Description** An authorization bypass exists in Farktor Software E-Commerce Package due to manipulation of user-controlled variables. This allows bypassing intended access restrictions. **Recommendations** Versions prior to 27112025 should be updated.

**Name of the Vulnerable Software and Affected Versions** Okulistik versions through 21102025 **Description** The software contains a Server-Side Request Forgery (SSRF) vulnerability that allows Server Side Request Forgery. The vulnerability exists due to insufficient input validation, potentially allowing an attacker to make requests to unintended locations. **Recommendations** Versions through 21102025 should be updated. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tap&Sign versions through 23012026 **Description** Tap&Sign software contains a flaw related to improper input neutralization during web page generation, potentially leading to Cross-Site Scripting (XSS). The vendor was contacted regarding this issue but did not respond. **Recommendations** Update Tap&Sign to a version later than 23012026.

**Name of the Vulnerable Software and Affected Versions** Trizbi versions prior to 2.144.4 **Description** The software contains an Improper Neutralization of Input During Web Page Generation issue, which allows for Cross-Site Scripting (XSS). This means that malicious code can be injected into web pages generated by the application, potentially compromising user data or system security. **Recommendations** Update Trizbi to version 2.144.4 or later.

**Name of the Vulnerable Software and Affected Versions** Aidango versions prior to 2.144.4 **Description** Aidango is susceptible to a Cross-Site Scripting (XSS) issue due to improper neutralization of input during web page generation. XSS occurs when an application includes malicious code in a web page viewed by other users. This can allow attackers to execute scripts in the context of a user's browser, potentially leading to session hijacking or defacement of the website. The vulnerability exists because the application does not properly sanitize user-supplied input before including it in the generated web pages. This allows an attacker to inject malicious scripts into the web page, which will then be executed by other users who view the page. **Recommendations** Update Aidango to version 2.144.4 or later.

**Name of the Vulnerable Software and Affected Versions** Restajet Information Technologies Inc. Online Food Delivery System versions through 19122025 **Description** A Cross-Site Request Forgery (CSRF) issue exists in Restajet Information Technologies Inc. Online Food Delivery System. This allows an attacker to perform actions on behalf of an authenticated user without their knowledge. The issue allows Cross Site Request Forgery. **Recommendations** Apply updates to versions prior to 19122025.

**Name of the Vulnerable Software and Affected Versions** Restajet Information Technologies Inc. Online Food Delivery System versions through 19122025 **Description** An issue exists in Restajet Information Technologies Inc. Online Food Delivery System that allows for Password Recovery Exploitation due to improper restriction of excessive authentication attempts. The issue enables unlimited password recovery attempts, potentially leading to full account takeover. **Recommendations** Versions prior to 19122025 should be updated.

**Name of the Vulnerable Software and Affected Versions** Restajet Information Technologies Inc. Online Food Delivery System versions through 19122025 **Description** An issue exists in Restajet Information Technologies Inc. Online Food Delivery System that allows for URL redirection to untrusted sites, potentially enabling phishing and forceful browsing attacks. The issue is an 'Open Redirect', where a malicious actor can manipulate the application to redirect users to a website of their choosing. **Recommendations** Versions through 19122025 should be updated.

**Name of the Vulnerable Software and Affected Versions** Tekrom Technology Inc. T-Soft E-Commerce versions through 28112025 **Description** A Cross-Site Request Forgery (CSRF) issue exists in Tekrom Technology Inc. T-Soft E-Commerce. This allows an attacker to perform actions on behalf of an authenticated user without their knowledge. CSRF occurs when a malicious website, email, or other communication channel sends a request to a vulnerable web application, leveraging the user's existing authentication to execute unauthorized commands. **Recommendations** Update Tekrom Technology Inc. T-Soft E-Commerce to a version later than 28112025.

**Name of the Vulnerable Software and Affected Versions** Shopside versions through 05022025 **Description** Shopside Software Technologies Inc. Shopside allows iFrame Overlay, resulting in an improper restriction of rendered UI layers or frames. **Recommendations** Versions through 05022025 are affected and require attention. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** QRMenu versions 1.05.12 through versions prior to 05.09.2025 **Description** An authorization bypass issue exists in QRMenu, a component of AKIN Software Computer Import Export Industry and Trade Co. Ltd. This flaw allows attackers to bypass authorization controls, potentially gaining access to privileged functionalities or data without proper authentication. The issue is due to a user-controlled key. **Recommendations** Update QRMenu to a version dated 05.09.2025 or later.

**Name of the Vulnerable Software and Affected Versions** Logo Cloud versions prior to 2025.R6 **Description** Logo Cloud is susceptible to a URL redirection issue, specifically an open redirect. This allows for potential phishing and forceful browsing attacks. The issue involves redirection to untrusted sites. The `URL` parameter in the application is vulnerable to manipulation, allowing an attacker to redirect users to malicious websites. **Recommendations** Update Logo Cloud to version 2025.R6 or later.

**Name of the Vulnerable Software and Affected Versions** Logo Cloud versions prior to 2.57 **Description** An issue exists in Logo Cloud that allows for phishing attacks due to improper encoding or escaping of output. This can lead to cross-site scripting (XSS) where malicious code is injected into web pages. **Recommendations** Update Logo Cloud to version 2.57 or later.

**Name of the Vulnerable Software and Affected Versions** Logo Cloud versions prior to 1.18 **Description** A flaw exists in Logo Cloud that allows for Cross-Site Scripting (XSS). This issue is due to improper neutralization of input during web page generation. The vulnerability could potentially allow an attacker to inject malicious scripts into web pages viewed by other users. **Recommendations** Update Logo Cloud to version 1.18 or later.

**Name of the Vulnerable Software and Affected Versions** Logo Cloud versions prior to 0.67 **Description** An authorization bypass exists in Logo Cloud due to a user-controlled key issue. This allows for forceful browsing and exposure of resources. The issue involves bypassing intended access controls through manipulation of keys. **Recommendations** Update Logo Cloud to version 0.67 or later.

**Name of the Vulnerable Software and Affected Versions** IT's Workif versions through 20251003 **Description** The software contains a flaw related to improper handling of user-supplied data during web page creation, potentially leading to Cross-Site Scripting (XSS). This could allow an attacker to inject malicious scripts into web pages viewed by other users. The affected component is susceptible to XSS attacks due to insufficient input validation. **Recommendations** Update to a version beyond 20251003.