CVE-2025-1585
A vulnerability, which was classified as problematic, has been found in otale tale up to 2.0.5. This issue affects the function OptionsService of the file src/main/resources/templates/themes/default/partial/header.html. The manipulation of the argument logourl leads to cross site scripting. The...
EUVD-2025-6664
Malicious code in bioql PyPI...
EUVD-2025-4409
Malicious code in bioql PyPI...
CVE-2025-2340
Summary (CVE-2025-2340): A cross-site scripting flaw affects Tale Blog 2.0.5, specifically the Site Settings component: the function /options/save.saveOptions accepts a manipulated Site Title, enabling remote XSS. The vulnerability’s root cause is input handling in the Site Title argument, leadin...
CVE-2025-2340 otale Tale Blog Site Settings save saveOptions cross site scripting
A vulnerability was found in otale Tale Blog 2.0.5. It has been declared as problematic. This vulnerability affects the function saveOptions of the file /options/save of the component Site Settings. The manipulation of the argument Site Title leads to cross site scripting. The attack can be...
CVE-2025-2339 otale Tale Blog logs improper authentication
A vulnerability was found in otale Tale Blog 2.0.5. It has been classified as problematic. This affects an unknown part of the file /%61dmin/api/logs. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public an...
CVE-2025-1585
Tale Blog (otale tale) up to version 2.0.5 is affected. The vulnerability resides in the OptionsService function (src/main/resources/templates/themes/default/partial/header.html) where manipulating the logo_url argument enables cross-site scripting. The issue can be exploited remotely and the pub...
PT-2025-7671 · Unknown · Otale Tale
Name of the Vulnerable Software and Affected Versions: otale tale versions 2.0.5 and earlier
Description: A problem has been found in the function OptionsService of the file src/main/resources/templates/themes/default/partial/header.html. The manipulation of the argument logo url leads to cross...