216.73.217.19

CVE-2025-41087

· Published 24/11/2025 12:15 · Modified 25/11/2025 22:16

Labels: CVE-2025-41087 2025-11-24CVE-2025-41087CWE-79[email protected]

Essential information

Published
24/11/2025 12:15
Modified
25/11/2025 22:16
Author
Creator
CVSS
5.1 MEDIUM (v3) 5.1 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Cross-Site Scripting (XSS) vulnerability stored in tha Taclia web application, where the uploaded SVG images are not properly sanitized. This allows to the attackers to embed malicious scripts in SVG files such as image profiles, which are then stored on the server and executed in the context of any user who accesses the compromised resource.

NVD status

Status
Awaiting Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source
[email protected]
NVD
View on NVD

References