Skip to main content
CVE-2025-13127 LOW Monitor

Cross-site scripting in GoldenHorn (a web-based trade management platform by TAC Information Services Internal and External Trade Inc.) allows a low-privileged authenticated attacker to inject malicious JavaScript into pages rendered by other users, resulting in limited confidentiality impact such as session token or data exfiltration. All versions prior to 4.25.1121.1 are affected. No active exploitation has been confirmed (not listed in CISA KEV), and the EPSS score of 0.02% (7th percentile) indicates very low exploitation probability at time of analysis.

XSS
NVD VulDB
CVSS 3.1
3.5
EPSS
0.0%
CVE-2025-14082 LOW PATCH Monitor

{realm}/roles endpoint, allowing high-privileged authenticated users to access role information they should not have permission to view. With a CVSS score of 2.7 and EPSS of 0.01%, this is a low-severity information disclosure affecting confidentiality only; no public exploit identified at time of analysis.

Information Disclosure
NVD
CVSS 3.1
2.7
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy