Tg Soft · Online Support Application · CVE-2025-14320
**Name of the Vulnerable Software and Affected Versions**
Tegsoft Management and Information Services Trade Limited Company Online Support Application versions V3 through 31122025
**Description**
Improper neutralization of input during web page generation allows Reflected Cross-Site Scripting (XSS), a flaw where an application includes untrusted data in a web page without proper validation, enabling attackers to execute malicious scripts in the victim's browser.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.