NVD

Vulnerability Change Records for CVE-2025-2340

Action	Type	New Value
Added	Tag	unsupported-when-assigned
Added	Description	A vulnerability was found in otale Tale Blog 2.0.5. It has been declared as problematic. This vulnerability affects the function saveOptions of the file /options/save of the component Site Settings. The manipulation of the argument Site Title leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. This vulnerability only affects products that are no longer supported by the maintainer.
Added	CVSS V4.0	AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Added	CVSS V3.1	AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
Added	CVSS V2	(AV:N/AC:L/Au:M/C:N/I:P/A:N)
Added	CWE	CWE-79
Added	CWE	CWE-94
Added	Reference	https://github.com/qkdjksfkeg/cve_article/blob/main/Tale/XSS.md
Added	Reference	https://vuldb.com/?ctiid.299806
Added	Reference	https://vuldb.com/?id.299806
Added	Reference	https://vuldb.com/?submit.514793