2 matches found
CVE-2025-1585
Tale Blog (otale tale) up to version 2.0.5 is affected. The vulnerability resides in the OptionsService function (src/main/resources/templates/themes/default/partial/header.html) where manipulating the logo_url argument enables cross-site scripting. The issue can be exploited remotely and the pub...
CVE-2025-69749
CVE-2025-69749 describes a Cross Site Scripting vulnerability in tale v2.0.5 . The public descriptions state an attacker can execute arbitrary code, but the connected documents do not provide concrete technical details (e.g., vulnerable component, root cause, affected files, or patch/version with...