CVE-2025-8589 PUBLISHED

Reflected XSS in AKCE Software's SKSPro

Assigner: TR-CERT
Reserved: 05.08.2025 Published: 03.02.2026 Updated: 03.02.2026

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AKCE Software Technology R&D Industry and Trade Inc. SKSPro allows Reflected XSS.This issue affects SKSPro: through 07012026.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
CVSS Score: 7.6

Product Status

Vendor AKCE Software Technology R&D Industry and Trade Inc.
Product SKSPro
Versions Default: unaffected
  • affected from 0 to 07012026 (incl.)

Credits

  • Enes EBUBEKİR finder

References

Problem Types

  • CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') CWE

Impacts

  • CAPEC-591 Reflected XSS