CVE-2025-6397 HIGH

CVE-2025-6397: XSS in Ankara Hosting's web site

Vendor Ankara Hosting Website Design
Product Website Software
Weakness CWE-79 · XSS
Published February 3, 2026
Last update June 5, 2026
View on NVD All CVEs

CVSS base score

8.6/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

What the vulnerability does

01Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ankara Hosting Website Design Website Software allows Reflected XSS. This issue affects Website Software: through 03022026.  NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

02Disclosure timeline

February 3, 2026 CVE published
June 5, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2021-36846 WordPress Chaty plugin <= 2.8.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability CVE-2025-9798 Stored XSS in Netcad Software's Netigma CVE-2025-8295 Employee Directory <= 4.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via noaccess_msg Parameter CVE-2025-68898 WordPress Synergy Project Manager plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability CVE-2024-12574 SVG Shortcode <= 1.0.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload