Tale Blog Security Vulnerabilities

Tale Blog is a Java blog developed using the Tale Blog System, which is open-source. Version 2.0.5 of Tale Blog has a security vulnerability that can be exploited by cross-site scripting attacks...

EUVD-2025-6664

Malicious code in bioql PyPI...

EUVD-2025-6665

Malicious code in bioql PyPI...

CVE-2025-2340

A vulnerability was found in otale Tale Blog 2.0.5. It has been declared as problematic. This vulnerability affects the function saveOptions of the file /options/save of the component Site Settings. The manipulation of the argument Site Title leads to cross site scripting. The attack can be...

CVE-2025-2340

A vulnerability was found in otale Tale Blog 2.0.5. It has been declared as problematic. This vulnerability affects the function saveOptions of the file /options/save of the component Site Settings. The manipulation of the argument Site Title leads to cross site scripting. The attack can be...

CVE-2025-2340

A vulnerability was found in otale Tale Blog 2.0.5. It has been declared as problematic. This vulnerability affects the function saveOptions of the file /options/save of the component Site Settings. The manipulation of the argument Site Title leads to cross site scripting. The attack can be...

CVE-2025-2340 otale Tale Blog Site Settings save saveOptions cross site scripting

A vulnerability was found in otale Tale Blog 2.0.5. It has been declared as problematic. This vulnerability affects the function saveOptions of the file /options/save of the component Site Settings. The manipulation of the argument Site Title leads to cross site scripting. The attack can be...

CVE-2025-2340 otale Tale Blog Site Settings save saveOptions cross site scripting

A vulnerability was found in otale Tale Blog 2.0.5. It has been declared as problematic. This vulnerability affects the function saveOptions of the file /options/save of the component Site Settings. The manipulation of the argument Site Title leads to cross site scripting. The attack can be...

CVE-2025-2340

Summary (CVE-2025-2340): A cross-site scripting flaw affects Tale Blog 2.0.5, specifically the Site Settings component: the function /options/save.saveOptions accepts a manipulated Site Title, enabling remote XSS. The vulnerability’s root cause is input handling in the Site Title argument, leadin...

CVE-2025-2339

A vulnerability was found in otale Tale Blog 2.0.5. It has been classified as problematic. This affects an unknown part of the file /%61dmin/api/logs. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public an...

CVE-2025-2339 otale Tale Blog logs improper authentication

A vulnerability was found in otale Tale Blog 2.0.5. It has been classified as problematic. This affects an unknown part of the file /%61dmin/api/logs. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public an...

CVE-2025-2339 otale Tale Blog logs improper authentication

A vulnerability was found in otale Tale Blog 2.0.5. It has been classified as problematic. This affects an unknown part of the file /%61dmin/api/logs. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public an...

CVE-2025-2339

Summary of CVE-2025-2339 (otale Tale Blog 2.0.5): A vulnerability involving improper authentication was reported in Tale Blog 2.0.5. The issue affects an unknown part of the file /%61dmin/api/logs. It can be exploited remotely, and public exploitation is noted in the sources. The vulnerability is...

Tale Blog 代码注入漏洞

Tale Blog is a Java blog open-sourced by Tale Blog System. A code injection vulnerability exists in Tale Blog version 2.0.5, which originates from cross-site scripting and could lead to remote attacks...

Tale Blog 授权问题漏洞

Tale Blog is a Java blog open-sourced by Tale Blog System. An authorization issue vulnerability exists in Tale Blog version 2.0.5, which stems from improper authentication and could lead to remote attacks...

Tale Blog Cross-Site Scripting Vulnerability

Tale Blog is a Java blog. A cross-site scripting vulnerability exists in Tale Blog version 2.0.5 and earlier versions, which stems from the lack of effective filtering and escaping of user-supplied data in the logourl parameter of the OptionsService function of...

Tale Blog 代码注入漏洞

Tale Blog is a Java blog. A cross-site scripting vulnerability exists in Tale Blog version 2.0.5 and earlier versions, which stems from the lack of effective filtering and escaping of user-supplied data in the logourl parameter of the OptionsService function of...

Tale blog has a file read vulnerability

Tale blog is a java development blog system. Tale blog has a file read vulnerability that can be exploited by attackers to obtain sensitive information...

Backend Login Bypass Vulnerability in Tale Blog System

Tale blog system is a java development blog system. A backend login bypass vulnerability exists in Tale Blog System. An attacker can exploit this vulnerability to construct a cookie to log into any account...