Skip to main content

Taiga Front

1 CVEs product

Monthly

CVE-2026-41250 MEDIUM PATCH This Month

Taiga Front prior to version 6.9.1 contains a stored cross-site scripting (XSS) vulnerability that allows authenticated users with limited privileges to inject malicious scripts into confirmation messages and dialogs. When other users view these messages, the scripts execute in their browser context, potentially allowing attackers to steal session cookies, perform unauthorized actions, or redirect victims to malicious sites. The vulnerability requires user interaction (UI:R) but affects confidentiality with a CVSS score of 5.7.

XSS Taiga Front
NVD GitHub
CVSS 3.1
5.7
EPSS
0.0%
EPSS 0% CVSS 5.7
MEDIUM PATCH This Month

Taiga Front prior to version 6.9.1 contains a stored cross-site scripting (XSS) vulnerability that allows authenticated users with limited privileges to inject malicious scripts into confirmation messages and dialogs. When other users view these messages, the scripts execute in their browser context, potentially allowing attackers to steal session cookies, perform unauthorized actions, or redirect victims to malicious sites. The vulnerability requires user interaction (UI:R) but affects confidentiality with a CVSS score of 5.7.

XSS Taiga Front
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy