CVE-2025-2204 MEDIUM

CVE-2025-2204: XSS in Tapandsign Technologies' Tap&Sign App

Vendor Tapandsign Technologies Software Inc.

Product Tap&Sign

Weakness CWE-79 · XSS

Published January 23, 2026

Last update June 6, 2026

View on NVD All CVEs

CVSS base score

4.7/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tapandsign Technologies Software Inc. Tap&Sign allows Cross-Site Scripting (XSS). This issue affects Tap&Sign: through 23012026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

02Disclosure timeline

January 23, 2026 CVE published

June 6, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-2204

Related vulnerabilities

04Related CVE

CVE-2024-4448 Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Dual Color Header', 'Event Calendar', & 'Advanced Data Table' CVE-2025-47042 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) CVE-2024-47090 XSS via WYSIWYG editor CVE-2024-40748 [20250102] - Core - XSS vector in the id attribute of menu lists CVE-2023-23979 WordPress Quick Event Manager Plugin <= 9.7.4 is vulnerable to Cross Site Scripting (XSS)

Identifiers

CVE CVE-2025-2204

CWE CWE-79

CVSS 4.7 / MEDIUM

Affected versions

Vendor Tapandsign Technologies Software Inc.

Product Tap&Sign

Affected ≤ 23012026