CVE-2024-12914

{"id": "CVE-2024-12914", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "iletisim@usom.gov.tr", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 0.9}]}, "published": "2025-09-01T13:15:32.070", "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-25-0202", "source": "iletisim@usom.gov.tr"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "iletisim@usom.gov.tr", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ak\u0131nsoft QR Men\u00fc allows Cross-Site Scripting (XSS).This issue affects QR Men\u00fc: from s1.05.05 before v1.05.12."}], "lastModified": "2025-09-02T15:55:25.420", "sourceIdentifier": "iletisim@usom.gov.tr"}