CVE-2025-8308 PUBLISHED

Reflected XSS in Key Software's INFOREX

Assigner: TR-CERT
Reserved: 29.07.2025 Published: 18.02.2026 Updated: 18.02.2026

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Key Software Solutions Inc. INFOREX- General Information Management System allows XSS Through HTTP Headers.This issue affects INFOREX- General Information Management System: from 2025 and before through 18022026.

NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CVSS Score: 6.3

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	Low
Privileges Required	None	Integrity Impact	Low
User Interaction	Required	Availability Impact	Low

CVSS 3.1

Product Status

Vendor	Key Software Solutions Inc.
Product	INFOREX- General Information Management System
Versions	Default: affected affected from 2025 and before to 18022026 (incl.)

Credits

Çetin BİNİCİ finder

References

https://www.usom.gov.tr/bildirim/tr-26-0075

Problem Types

CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') CWE

Impacts

CAPEC-86 XSS Through HTTP Headers