Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

otale

Source -

CNANVD

BOS Name -

N/A

CNA CVEs -

3

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

2
Related CVEsRelated ProductsRelated AssignersReports
3Vulnerabilities found
CVE-2025-2340
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.04% / 10.21%
||
7 Day CHG+0.01%
Published-16 Mar, 2025 | 13:31
Updated-26 Aug, 2025 | 20:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
otale Tale Blog Site Settings save saveOptions cross site scripting

A vulnerability was found in otale Tale Blog 2.0.5. It has been declared as problematic. This vulnerability affects the function saveOptions of the file /options/save of the component Site Settings. The manipulation of the argument Site Title leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-otaleotale
Product-tale_blogTale Blog
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-2339
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.08% / 23.42%
||
7 Day CHG+0.03%
Published-16 Mar, 2025 | 13:00
Updated-26 Aug, 2025 | 20:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
otale Tale Blog logs improper authentication

A vulnerability was found in otale Tale Blog 2.0.5. It has been classified as problematic. This affects an unknown part of the file /%61dmin/api/logs. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-otaleotale
Product-tale_blogTale Blog
CWE ID-CWE-287
Improper Authentication
CVE-2025-1585
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.04% / 11.15%
||
7 Day CHG~0.00%
Published-23 Feb, 2025 | 14:00
Updated-24 Feb, 2025 | 14:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
otale header.html OptionsService cross site scripting

A vulnerability, which was classified as problematic, has been found in otale tale up to 2.0.5. This issue affects the function OptionsService of the file src/main/resources/templates/themes/default/partial/header.html. The manipulation of the argument logo_url leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-otale
Product-tale
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')