Summary
| Parameter | Value |
|---|---|
| CVE ID | CVE-2025-14320 |
| Alert Source | GitHub Advisory - Critical Vulnerability |
| CVE Publication Year | 2025 |
| Date Published | 2026-05-04 |
| Vendor | Tegsoft |
| Product | Online Support Application |
| CVSS Score | 9.8 (critical) |
| EPSS Score | No data |
| CISA KEV | No |
| Ransomware | Not confirmed |
Vulnerability Description
Improper neutralization of input during web page generation (‘cross-site scripting’) vulnerability in Tegsoft Management and Information Services Trade Limited Company Online Support Application allows Reflected XSS.
This issue affects Online Support Application: from V3 through 31122025.
Required Actions
Update Tegsoft Online Support Application to a patched version immediately. Until the patch is deployed, consider deploying WAF rules that block unusual characters in application URL parameters and educate users about the risk of clicking suspicious links. Monitor web server logs for requests carrying malicious JavaScript payloads in parameters.
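The log monitoring recommended above can be sketched as a small scanner; this is an added example, not code from the advisory or from Tegsoft. It assumes combined-format access logs, and the paths, parameter names, log lines and pattern set are constructed for illustration, since the advisory does not name the affected endpoint or parameter.

```python
import re
from urllib.parse import parse_qsl, unquote_plus

# Heuristic markers of script injection in a decoded value (assumed rule set, tune per site).
SUSPICIOUS = re.compile(
    r"<\s*/?\s*(script|img|svg|iframe|object|embed)\b"  # HTML tag openers
    r"|\bon[a-z]{3,}\s*="                                # inline event handlers
    r"|javascript\s*:",                                  # javascript: URLs
    re.IGNORECASE,
)
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD|PUT|DELETE|OPTIONS|PATCH) (\S+) HTTP/[\d.]+"')

# Constructed sample lines; /support/search, /support/view, q and ref are hypothetical.
SAMPLE_LOG = [
    '203.0.113.7 - - [04/May/2026:10:12:01 +0000] "GET /support/search?q=printer+offline HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [04/May/2026:10:12:09 +0000] "GET /support/search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5301 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [04/May/2026:10:12:15 +0000] "GET /support/view?id=7&ref=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 4410 "-" "Mozilla/5.0"',
]


def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding (%253C -> %3C -> <) with a bounded number of passes."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_params(log_line):
    """Return [(param, decoded_value)] for query parameters that match SUSPICIOUS."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    query = match.group(1).partition("?")[2]
    pairs = parse_qsl(query, keep_blank_values=True)  # decodes one layer
    decoded = [(name, fully_decode(value)) for name, value in pairs]
    return [(name, value) for name, value in decoded if SUSPICIOUS.search(value)]


def scan(lines):
    """Return [(line_number, hits)] for every line with at least one suspicious parameter."""
    results = [(n, suspicious_params(line)) for n, line in enumerate(lines, start=1)]
    return [(n, hits) for n, hits in results if hits]


if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(number, hits)
```

Access logs normally record only the URL, so payloads sent in POST bodies need a WAF or application-level logging to be seen; expect some false positives from the event-handler pattern.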
Who Is Affected?
This vulnerability affects Online Support Application by Tegsoft. Check whether your organization runs this application in versions from V3 through 31122025 and update the installation without delay.
