CVE-2025-0984HIGH 8.2EPSS p17.5%

CVE-2025-0984CVE-2025-0984

Description

Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Netoloji Software E-Flow allows Accessing Functionality Not Properly Constrained by ACLs, Stored XSS, File Content Injection. This issue affects E-Flow: before 3.23.00.

Scoring

CVSS 3.18.2 (HIGH)
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L
EPSS0.26% probability of exploitation · percentile 17.5% · 2026-06-19T12:03:05Z
Published2025-05-06
Last modified2026-06-06

Underlying weaknesses· 2

CWE-79CWE-434

References

  1. https://netoloji.com/yazilim-surum-notlari/
  2. https://www.usom.gov.tr/bildirim/tr-25-0102

2

TypeTargetConfidenceTier
WeaknessUnrestricted Upload of File with Dangerous Typecwe-4340%live
WeaknessImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')cwe-790%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-9798
CVE
CVE-2024-7785
CVE
CVE-2024-5959
CVE
CVE-2025-10876
CVE
CVE-2025-8695
CVE
CVE-2025-8411
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.