CVE-2025-14343
Published: 26 February 2026
Summary
CVE-2025-14343 is a high-severity Cross-site Scripting (CWE-79) vulnerability in Gov (inferred from references). Its CVSS base score is 7.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Drive-by Compromise (T1189); ranked at the 14.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).
Deeper analysis
CVE-2025-14343 is an Improper Neutralization of Input During Web Page Generation vulnerability, enabling Reflected Cross-site Scripting (XSS), in Dokuzsoft Technology Ltd.'s E-Commerce Product. This issue, associated with CWE-79, affects all versions of the product through 10122025. It was published on 2026-02-26 with a CVSS v3.1 base score of 7.6 (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H).
A remote, unauthenticated attacker can exploit this vulnerability over the network with low attack complexity by crafting malicious input, such as a specially prepared URL or form submission, and tricking a user into interacting with it, for example by clicking a link or viewing a page. Upon successful exploitation, the injected script executes in the victim's browser context, potentially allowing limited disclosure of sensitive data (low confidentiality impact), minor manipulation of page content or actions (low integrity impact), and significant disruption such as browser crashes or denial of service (high availability impact).
Mitigation details are available in the advisory published by the Turkish National Cyber Incident Response Center (USOM) at https://www.usom.gov.tr/bildirim/tr-26-0083.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-208120
Vulnerability details
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dokuzsoft Technology Ltd. E-Commerce Product allows Reflected XSS. This issue affects E-Commerce Product: through 10122025.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Reflected XSS directly enables drive-by or spearphishing link delivery of browser scripts for session/credential theft.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly mitigates the improper neutralization of input vulnerability by validating user inputs such as URLs or form data to block malicious XSS payloads before processing.
Prevents reflected XSS execution by filtering or encoding reflected user inputs during web page generation to neutralize script injection.
Addresses the specific flaw in Dokuzsoft E-Commerce Product through timely identification, testing, and application of patches or updates for this CVE.