CVE-2025-10612
📋 TL;DR
This is a reflected cross-site scripting (XSS) vulnerability in giSoft Information Technologies City Guide software. Attackers can inject malicious scripts into web pages that are then executed in victims' browsers. All users of City Guide versions before 1.4.45 are affected.
💻 Affected Systems
- giSoft Information Technologies City Guide
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal session cookies, perform actions as authenticated users, redirect to malicious sites, or install malware on user systems.
Likely Case
Session hijacking, credential theft, or defacement of web pages through script injection.
If Mitigated
Limited impact with proper input validation and output encoding; scripts may execute but with reduced privileges.
🎯 Exploit Status
Requires user interaction (clicking malicious link) but no authentication needed for basic exploitation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.4.45
Vendor Advisory: https://www.usom.gov.tr/bildirim/tr-25-0350
Restart Required: No
Instructions:
1. Download City Guide version 1.4.45 or later from official vendor sources. 2. Backup current installation. 3. Replace vulnerable files with patched version. 4. Test functionality.
🔧 Temporary Workarounds
Input Validation Filter
allImplement server-side input validation to sanitize user inputs before processing.
Content Security Policy
allImplement CSP headers to restrict script execution sources.
Content-Security-Policy: default-src 'self'; script-src 'self'
🧯 If You Can't Patch
- Implement web application firewall (WAF) rules to block XSS payloads.
- Disable or restrict user input fields that accept HTML/script content.
🔍 How to Verify
Check if Vulnerable:
Test input fields with XSS payloads like <script>alert('XSS')</script> and check if script executes.Check Version:
Check City Guide admin panel or configuration files for version number.Verify Fix Applied:
After patching, retest with same XSS payloads; scripts should not execute and input should be sanitized.📡 Detection & Monitoring
Log Indicators:
- Unusual long strings in URL parameters
- Script tags or JavaScript in request logs
- Multiple failed login attempts from same IP
Network Indicators:
- HTTP requests containing script tags or encoded JavaScript
- Suspicious redirects to external domains
SIEM Query:
source="web_logs" AND (uri="*<script>*" OR uri="*javascript:*" OR uri="*onerror=*" OR uri="*onload=*")