Tale Project

tale_project

2 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Tale

tale

2 CVEs

CVEs (2)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-69749 1Tale Project 1Tale Jun 17, 2026 Jan 29, 2026 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Cross Site Scripting vulnerability in tale v.2.0.5 allows an attacker to execute arbitrary code.
CVE-2025-1585 1Tale Project 1Tale Jun 17, 2026 Feb 23, 2025 4.8 MEDIUM· v4 5.4 MEDIUM· v3 3.3 LOW· v2 A vulnerability, which was classified as problematic, has been found in otale tale up to 2.0.5. This issue affects the function OptionsService of the file src/main/resources/templates/themes/default/partial/header.html....Show more A vulnerability, which was classified as problematic, has been found in otale tale up to 2.0.5. This issue affects the function OptionsService of the file src/main/resources/templates/themes/default/partial/header.html. The manipulation of the argument logo_url leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.Show less

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2025-69749

1Tale Project

1Tale

Jun 17, 2026

Jan 29, 2026

N/A· v4

6.1 MEDIUM· v3

N/A· v2

Cross Site Scripting vulnerability in tale v.2.0.5 allows an attacker to execute arbitrary code.

CVE-2025-1585

1Tale Project

1Tale

Jun 17, 2026

Feb 23, 2025

4.8 MEDIUM· v4

5.4 MEDIUM· v3

3.3 LOW· v2

A vulnerability, which was classified as problematic, has been found in otale tale up to 2.0.5. This issue affects the function OptionsService of the file src/main/resources/templates/themes/default/partial/header.html. The manipulation of the argument logo_url leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.Show less