PatchSiren

CVE-2023-6047 Algoritimbilisim CVE debrief

CVE-2023-6047 describes a reflected cross-site scripting (XSS) issue in Algoritimbilisim E-Commerce Software affecting versions before 3.9.2. The NVD record classifies the weakness as CWE-79 and assigns a CVSS 3.1 base score of 6.1 (medium). Because the attack vector is network-based and user interaction is required, the main risk is browser-side code execution in a victim session rather than direct server compromise.

Vendor: Algoritimbilisim
Product: E-Commerce Software
CVSS: MEDIUM 6.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-03-29
Original CVE updated: 2026-05-20
Advisory published: 2024-03-29
Advisory updated: 2026-05-20

Who should care

Administrators and operators running Algoritimbilisim E-Commerce Software, especially any public-facing installation still below version 3.9.2. Security teams should also care if the application is used by staff or customers in browsers, since reflected XSS can affect authenticated or unauthenticated users who follow a crafted link.

Technical summary

The vulnerable product is identified in NVD as cpe:2.3:a:algoritimbilisim:e-commerce_software with affected versions ending before 3.9.2. NVD lists the weakness as CWE-79 and the CVSS vector AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. That profile is consistent with reflected XSS: the payload is delivered through a web request, requires a user to interact with a crafted URL or page flow, and can impact confidentiality and integrity in the browser context.

Defensive priority

Medium. This is not a KEV-listed issue in the supplied data, but it is internet-reachable, user-triggered, and can lead to session- or content-level abuse in a browser. Prioritize patching if the product is exposed to end users or used in administrative workflows.

Recommended defensive actions

  • Upgrade Algoritimbilisim E-Commerce Software to version 3.9.2 or later.
  • Review any public entry points, search parameters, and request handlers for reflected output that is not properly encoded.
  • Validate that server-side output encoding and templating protections are consistently applied across all user-controlled inputs.
  • Check whether any security controls such as a restrictive Content Security Policy can reduce impact while patching is planned.
  • If the product is internet-facing, add testing and monitoring for XSS-related anomalies in web access logs and browser reports.

Evidence notes

The supplied NVD record names the affected CPE as algoritimbilisim:e-commerce_software and states the vulnerable range ends before 3.9.2. NVD also lists CVSS 3.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N and CWE-79. The record includes third-party advisory references from USOM, which corroborate the issue in a separate official advisory channel. The CVE was published on 2024-03-29 and later modified on 2026-05-20; those dates are used here only as record timeline context.

Official resources

Publicly disclosed in the official vulnerability record on 2024-03-29, with a later record modification on 2026-05-20. No KEV listing was provided in the supplied data.