What is CVE-2018-25210?

CVE-2018-25210 is a high-severity vulnerability in Web-ofisi Ticaret V4, classified under Cross-site Scripting. CVSS score: 8.2/10. Published 2026-03-26.

How severe is CVE-2018-25210?

High severity. CVSS v3 base score is 8.2 out of 10.

XSS in Web-ofisi Ticaret V4

CVE-2018-25210

WebOfisi E-Ticaret 4.0 contains an SQL injection vulnerability in the 'urun' GET parameter of the endpoint that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL payloads through the 'urun' parameter…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.001 (31.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.2 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N.

Affected products

Web-ofisi Ticaret V4 — versions 4.0

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

ExploitDB-45897 (exploit)
Official Product Homepage (product)
Product Reference (product)
VulnCheck Advisory: WebOfisi E-Ticaret 4.0 SQL Injection via urun Parameter (third-party-advisory)

Frequently asked questions

What is CVE-2018-25210?: CVE-2018-25210 is a high-severity vulnerability in Web-ofisi Ticaret V4, classified under Cross-site Scripting. CVSS score: 8.2/10. Published 2026-03-26.
How severe is CVE-2018-25210?: High severity. CVSS v3 base score is 8.2 out of 10.