CVE-2025-14320: Critical XSS in Tegsoft Online Support Application
The National Vulnerability Database has issued a critical advisory for CVE-2025-14320, a reflected Cross-Site Scripting (XSS) vulnerability impacting Tegsoft Management and Information Services Trade Limited Company’s Online Support Application. This flaw, categorized under CWE-79 (Improper Neutralization of Input During Web Page Generation), allows for arbitrary script execution in the context of a user’s browser, posing a severe risk of session hijacking, data theft, and defacement.
The vulnerability affects all versions of the Online Support Application from V3 through 31122025. With a CVSS score of 9.8 (CRITICAL), this is a straightforward attack vector (AV:N/AC:L/PR:N/UI:N) that requires no authentication and no user interaction (UI:N). The impact on confidentiality, integrity, and availability is high, making exploitation highly attractive for attackers.
Attackers can leverage this XSS to inject malicious scripts into the application, which would then be executed when a legitimate user accesses the affected pages. This opens the door for sophisticated phishing campaigns, credential harvesting, and persistent compromise of user sessions. Defenders should prioritize patching and rigorously validate all input to prevent such injection attacks.
What This Means For You
- If your organization utilizes Tegsoft's Online Support Application, immediately verify your version and apply patches for CVE-2025-14320. This is a critical XSS vulnerability that can be exploited without authentication or user interaction. Audit logs for any anomalous activity or unexpected script execution within the application's context.
Related ATT&CK Techniques
🛡️ Detection Rules
3 rules · 6 SIEM formats3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.
CVE-2025-14320: Tegsoft Online Support Reflected XSS Attempt
title: CVE-2025-14320: Tegsoft Online Support Reflected XSS Attempt
id: scw-2026-05-04-ai-1
status: experimental
level: critical
description: |
Detects attempts to exploit CVE-2025-14320 by looking for the specific vulnerable path '/support/chat.php' in conjunction with a known XSS payload pattern. This indicates a potential initial access attempt via a reflected cross-site scripting vulnerability in the Tegsoft Online Support Application.
author: SCW Feed Engine (AI-generated)
date: 2026-05-04
references:
- https://shimiscyberworld.com/posts/nvd-CVE-2025-14320/
tags:
- attack.initial_access
- attack.t1190
logsource:
category: webserver
detection:
selection:
cs-uri|contains:
- '/support/chat.php'
cs-uri-query|contains:
- '<script>alert('CVE-2025-14320')</script>'
condition: selection
falsepositives:
- Legitimate administrative activity
Source: Shimi's Cyber World · License & reuse
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2025-14320 | XSS | Tegsoft Management and Information Services Trade Limited Company Online Support Application |
| CVE-2025-14320 | XSS | Online Support Application versions V3 through 31122025 |
| CVE-2025-14320 | XSS | Improper neutralization of input during web page generation |
Written by SCW Vulnerability Desk
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 04, 2026 at 12:15 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
Believe this infringes your rights? Submit a takedown request.
Related coverage
Totolink N300RH RCE: CVE-2026-7750 Buffer Overflow Affects Remote Management
CVE-2026-7750 — A vulnerability was detected in Totolink N300RH 3.2.4-B20220812. This vulnerability affects the function setMacFilterRules of the file /cgi-bin/cstecgi.cgi of the component POST Request...
Totolink N300RH Router Hit by High-Severity Buffer Overflow Vulnerability (CVE-2026-7749)
CVE-2026-7749 — A security vulnerability has been detected in Totolink N300RH 3.2.4-B20220812. This affects the function setWanConfig of the file /cgi-bin/cstecgi.cgi of the component POST...
Totolink N300RH Buffer Overflow (CVE-2026-7748) Remotely Exploitable
CVE-2026-7748 — A weakness has been identified in Totolink N300RH 3.2.4-B20220812. Affected by this issue is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the...