CVE-2025-41087 MEDIUM

CVE-2025-41087: Stored Cross-Site Scripting (XSS) in Taclia's web application

Vendor Taclia
Product Taclia's web application
Weakness CWE-79 · XSS
Published November 24, 2025
Last update November 24, 2025

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01 Description

Stored Cross-Site Scripting (XSS) vulnerability in the Taclia web application, where uploaded SVG images are not properly sanitized. This allows attackers to embed malicious scripts in SVG files such as profile images, which are then stored on the server and executed in the context of any user who accesses the compromised resource.

Key dates

02 Disclosure timeline

November 24, 2025 CVE published
November 24, 2025 Record updated