PatchSiren

CVE-2023-6122 İstanbul Soft Informatics and Consultancy Limited Company CVE debrief

CVE-2023-6122 is a reflected cross-site scripting issue in İstanbul Soft Informatics and Consultancy Limited Company Softomi Gelişmiş C2C Pazaryeri Yazılımı (Softomi Advanced C2C Marketplace Software). NVD and the USOM advisory indicate the issue affects versions before 12122023. The CVE was published on 2023-12-21; the 2026-05-20 timestamp reflects later record modification, not the original disclosure date.

Vendor: İstanbul Soft Informatics and Consultancy Limited Company
Product: Softomi Gelişmiş C2C Pazaryeri Yazılımı
CVSS: MEDIUM 6.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2023-12-21
Original CVE updated: 2026-05-20
Advisory published: 2023-12-21
Advisory updated: 2026-05-20

Who should care

Administrators and developers responsible for Softomi Advanced C2C Marketplace Software installations before 12122023, especially any public-facing deployments where users interact with pages that reflect request input.

Technical summary

The vulnerability is tracked as CWE-79 (Improper Neutralization of Input During Web Page Generation). The NVD vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, which indicates remote exploitation with no privileges required but with user interaction needed. Because the issue is reflected XSS, the primary risk is that unsanitized input can be rendered in a web page and executed in a victim's browser, potentially affecting confidentiality and integrity within the application context.

Defensive priority

Medium. The CVSS score is 6.1, exploitation requires user interaction, and the impact is limited, but the attack surface is internet-reachable in typical web deployments.

Recommended defensive actions

  • Upgrade Softomi Advanced C2C Marketplace Software to a fixed release, 12122023 or later.
  • Verify the exact deployed version across all environments, including staging, backups, and container images.
  • Review server-side output encoding and request parameter handling for any pages that reflect user input.
  • Use the USOM and NVD references to confirm vendor guidance and remediation status before scheduling maintenance.
  • Temporarily reduce exposure of the affected web interface if immediate patching is not possible, and monitor for suspicious requests that target reflected input fields.

Evidence notes

This debrief is based only on the supplied NVD record and USOM references. The source data identifies the affected CPE as softomi:advanced_c2c_marketplace_software with vulnerability coverage ending before 12122023, and classifies the weakness as CWE-79. No exploit details are included here. The CVE publication date used for timing is 2023-12-21, while the 2026-05-20 date is a record modification timestamp.

Official resources

CVE published on 2023-12-21T14:15:09.063Z. The 2026-05-20T14:16:35.223Z timestamp is the latest record modification time and should not be treated as the disclosure date.