Cross-Site Scripting (XSS) stored in Taclia’s web application_CVE-2025-41087

5.1 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Description

Cross-Site Scripting (XSS) vulnerability stored in tha Taclia web application, where the uploaded SVG images are not properly sanitized. This allows to the attackers to embed malicious scripts in SVG files such as image profiles, which are then stored on the server and executed in the context of any user who accesses the compromised resource.

Basic Information

ID CVE-2025-41087

Source INCIBE

Published Nov 24, 2025 at 11:27

Modified Nov 24, 2025 at 13:01

Affected Product

Vendor Taclia

Product Taclia's web application

Version All versions

Affected Versions Taclia Taclia's web application All versions

CWE Classification

CWE-79

References

www.incibe.es /en/incibe-cert/notices/aviso/cross-site-scripting-xss-stored-taclias-web-application

{
    "lastseen": "",
    "description": "Cross-Site Scripting (XSS) vulnerability stored in tha Taclia web application, where the uploaded SVG images are not properly sanitized. This allows to the attackers to embed malicious scripts in SVG files such as image profiles, which are then stored on the server and executed in the context of any user who accesses the compromised resource.",
    "published": "2025-11-24T11:27:59.851Z",
    "modified": "2025-11-24T13:01:54.233Z",
    "type": "cve",
    "title": "Cross-Site Scripting (XSS) stored in Taclia's web application",
    "source": "INCIBE",
    "references": "https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-xss-stored-taclias-web-application",
    "id": "CVE-2025-41087",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "Taclia Taclia's web application All versions",
    "sourceHref": "",
    "cvss": {
        "score": 5.1,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Taclia's web application",
    "version": "All versions",
    "vendor": "Taclia",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}