PatchSiren cyber security CVE debrief
CVE-2025-8308 Key Software Solutions Inc. CVE debrief
CVE-2025-8308 is an Improper Neutralization of Input During Web Page Generation (XSS) vulnerability in Key Software Solutions Inc. INFOREX- General Information Management System. The vulnerability allows for XSS through HTTP headers. This issue affects INFOREX- General Information Management System from 2025 and before 18022026. The CVSS score for this vulnerability is 6.3, with a severity rating of MEDIUM.
- Vendor
- Key Software Solutions Inc.
- Product
- INFOREX- General Information Management System
- CVSS
- MEDIUM 6.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-02-18
- Original CVE updated
- 2026-06-05
- Advisory published
- 2026-02-18
- Advisory updated
- 2026-06-05
Who should care
Users of INFOREX- General Information Management System from 2025 and before 18022026 should be aware of this vulnerability and take necessary actions to mitigate it.
Technical summary
The vulnerability is caused by improper neutralization of input during web page generation, allowing for cross-site scripting (XSS) attacks through HTTP headers.
Defensive priority
MEDIUM
Recommended defensive actions
- Update INFOREX- General Information Management System to a version after 18022026.
- Implement proper input validation and sanitization to prevent XSS attacks.
Evidence notes
The vendor was contacted early about this disclosure but did not respond in any way.
Official resources
CVE-2025-8308 was published on 2026-02-18T14:16:05.330Z and modified on 2026-06-05T12:16:32.250Z.