19 matches found
Tale Blog Security Vulnerabilities
Tale Blog is a Java blog developed using the Tale Blog System, which is open-source. Version 2.0.5 of Tale Blog has a security vulnerability that can be exploited by cross-site scripting attacks...
EUVD-2025-6665
Malicious code in bioql PyPI...
EUVD-2025-6664
Malicious code in bioql PyPI...
CVE-2025-2340
A vulnerability was found in otale Tale Blog 2.0.5. It has been declared as problematic. This vulnerability affects the function saveOptions of the file /options/save of the component Site Settings. The manipulation of the argument Site Title leads to cross site scripting. The attack can be...
CVE-2025-2340
A vulnerability was found in otale Tale Blog 2.0.5. It has been declared as problematic. This vulnerability affects the function saveOptions of the file /options/save of the component Site Settings. The manipulation of the argument Site Title leads to cross site scripting. The attack can be...
CVE-2025-2340
A vulnerability was found in otale Tale Blog 2.0.5. It has been declared as problematic. This vulnerability affects the function saveOptions of the file /options/save of the component Site Settings. The manipulation of the argument Site Title leads to cross site scripting. The attack can be...
CVE-2025-2340 otale Tale Blog Site Settings save saveOptions cross site scripting
A vulnerability was found in otale Tale Blog 2.0.5. It has been declared as problematic. This vulnerability affects the function saveOptions of the file /options/save of the component Site Settings. The manipulation of the argument Site Title leads to cross site scripting. The attack can be...
CVE-2025-2340 otale Tale Blog Site Settings save saveOptions cross site scripting
A vulnerability was found in otale Tale Blog 2.0.5. It has been declared as problematic. This vulnerability affects the function saveOptions of the file /options/save of the component Site Settings. The manipulation of the argument Site Title leads to cross site scripting. The attack can be...
CVE-2025-2340
Summary (CVE-2025-2340): A cross-site scripting flaw affects Tale Blog 2.0.5, specifically the Site Settings component: the function /options/save.saveOptions accepts a manipulated Site Title, enabling remote XSS. The vulnerability’s root cause is input handling in the Site Title argument, leadin...
CVE-2025-2339
A vulnerability was found in otale Tale Blog 2.0.5. It has been classified as problematic. This affects an unknown part of the file /%61dmin/api/logs. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public an...
CVE-2025-2339 otale Tale Blog logs improper authentication
A vulnerability was found in otale Tale Blog 2.0.5. It has been classified as problematic. This affects an unknown part of the file /%61dmin/api/logs. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public an...
CVE-2025-2339 otale Tale Blog logs improper authentication
A vulnerability was found in otale Tale Blog 2.0.5. It has been classified as problematic. This affects an unknown part of the file /%61dmin/api/logs. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public an...
CVE-2025-2339
Summary of CVE-2025-2339 (otale Tale Blog 2.0.5): A vulnerability involving improper authentication was reported in Tale Blog 2.0.5. The issue affects an unknown part of the file /%61dmin/api/logs. It can be exploited remotely, and public exploitation is noted in the sources. The vulnerability is...
Tale Blog 授权问题漏洞
Tale Blog is a Java blog open-sourced by Tale Blog System. An authorization issue vulnerability exists in Tale Blog version 2.0.5, which stems from improper authentication and could lead to remote attacks...
Tale Blog 代码注入漏洞
Tale Blog is a Java blog open-sourced by Tale Blog System. A code injection vulnerability exists in Tale Blog version 2.0.5, which originates from cross-site scripting and could lead to remote attacks...
Tale Blog Cross-Site Scripting Vulnerability
Tale Blog is a Java blog. A cross-site scripting vulnerability exists in Tale Blog version 2.0.5 and earlier versions, which stems from the lack of effective filtering and escaping of user-supplied data in the logourl parameter of the OptionsService function of...
Tale Blog 代码注入漏洞
Tale Blog is a Java blog. A cross-site scripting vulnerability exists in Tale Blog version 2.0.5 and earlier versions, which stems from the lack of effective filtering and escaping of user-supplied data in the logourl parameter of the OptionsService function of...
Tale blog has a file read vulnerability
Tale blog is a java development blog system. Tale blog has a file read vulnerability that can be exploited by attackers to obtain sensitive information...
Backend Login Bypass Vulnerability in Tale Blog System
Tale blog system is a java development blog system. A backend login bypass vulnerability exists in Tale Blog System. An attacker can exploit this vulnerability to construct a cookie to log into any account...