CVE-2025-1585 | otale up to 2.0.5 header.html OptionsService logo_url cross site scripting

A vulnerability, which was classified as problematic, has been found in otale tale up to 2.0.5. This issue affects the function OptionsService of the file src/main/resources/templates/themes/default/partial/header.html. The manipulation of the argument logo_url leads to cross site scripting. This vulnerability only affects products that are no longer supported by the maintainer.

The identification of this vulnerability is CVE-2025-1585. The attack may be initiated remotely. Furthermore, there is an exploit available.

CVE-2025-1585 | otale up to 2.0.5 header.html OptionsService logo_url cross site scripting

Post correlati

CVE-2023-46839 | Xen PCI Device memory corruption

CVE-2024-44757 | NUS-M9 ERP Management Software 3.0.0 /Basics/DownloadInpFile information disclosure

CVE-2024-26801 | Linux Kernel up to 6.7.8 Bluetooth hci_error_reset use after free

CVE-2024-20023 | MediaTek MT8678 Flashc out-of-bounds write (ALPS08541638)