These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2023-4672 is a reflected cross-site scripting (XSS) vulnerability in Talentyazilim ECOP affecting versions before 32255. The NVD record classifies it as CWE-79 and rates the issue as network-reachable with user interaction required, which means risk centers on victims being induced to open a crafted link or page in a browser.
CVE-2023-4671 is a critical SQL injection vulnerability affecting Talentyazilim ECOP before 32255. The published record describes improper neutralization of special elements in an SQL command and notes that the issue can lead to command line execution through SQL injection. NVD assigns a 9.8 CVSS v3.1 score with network access, no privileges, and no user interaction required, indicating high potential imp [truncated]