PatchSiren

Yordam CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM Yordam CVE published 2023-09-14

CVE-2023-4676

CVE-2023-4676 is a reflected cross-site scripting (XSS) issue in Yordam MedasPro. The public record ties the flaw to input that is not properly neutralized during web page generation, which can allow attacker-controlled content to be reflected back into a user’s browser. NVD lists the affected MedasPro range as versions before 28.

MEDIUM Yordam CVE published 2023-03-02

CVE-2021-45478

CVE-2021-45478 documents an improper handling of parameters vulnerability in Yordam Library Automation System versions prior to 19.2. The vulnerability allows an attacker with low privileges to collect data as provided by users. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) indicates network-accessible attack vector with low attack complexity, requiring low privileges and no user interaction, [truncated]

MEDIUM Yordam CVE published 2022-10-27

CVE-2021-45476

CVE-2021-45476 documents an unauthenticated reflected cross-site scripting (XSS) vulnerability in Yordam Library Information Document Automation product versions prior to 19.02. The vulnerability was published in the NVD on 2022-10-27 and most recently modified on 2026-05-18. The Turkish National Cyber Security Incident Response Team (USOM) issued advisory TR-22-0669, which serves as the primary source fo [truncated]

MEDIUM Yordam CVE published 2022-10-27

CVE-2021-45475

CVE-2021-45475 is a medium-severity information disclosure vulnerability affecting Yordam Library Automation System versions prior to 19.02. The vulnerability allows unauthenticated attackers to access sensitive information without requiring authentication credentials. The issue was publicly disclosed on October 27, 2022, with the most recent modification to the CVE record occurring on May 18, 2026. The v [truncated]