Fixed version: 4.25.1121.1
CVE-2025-13127 describes a Cross-Site Scripting (XSS) vulnerability within TAC Information Services' GoldenHorn application. This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users, potentially leading to data theft or session hijacking. The vulnerability impacts versions of GoldenHorn prior to 4.25.1121.1, and a patch is available to address the issue.
Successful exploitation of CVE-2025-13127 lets an attacker execute arbitrary JavaScript in the context of a victim's browser session with GoldenHorn. That script runs with the victim's privileges in the application: it can read data shown on the page, submit forms and API requests as the victim, capture credentials or other personal data typed into forms, redirect the user to an attacker-controlled site, or deface the application. Session cookies can be read by the script only if they lack the HttpOnly flag; even when they are protected, the script can still act on the victim's behalf for as long as the page stays open. The impact is higher where GoldenHorn holds sensitive records or handles financial transactions, since the injected script inherits whatever access the victim has to those functions.
CVE-2025-13127 was publicly disclosed on 2025-12-10. The CVSS base score is 3.5 (Low). CVSS rates severity, not the likelihood of exploitation; the EPSS figure below is the estimate of exploitation probability. No public proof-of-concept (PoC) code had been released at the time of writing, and the vulnerability is not listed in the CISA KEV catalog.
Exploit Status
EPSS: 0.04% (12th percentile)
CISA SSVC: (no value given)
CVSS Vector: (no value given)
The primary mitigation for CVE-2025-13127 is to upgrade GoldenHorn to version 4.25.1121.1 or later. If immediate upgrading is not possible, apply the standard compensating controls for XSS: make sure every place the application reflects user-supplied data encodes it for the context it lands in (HTML body, attribute value, JavaScript string, URL), and validate input against an allow-list as defence in depth. A Content-Security-Policy that forbids inline script limits what an injected payload can do where encoding is missed. Web Application Firewalls (WAFs) with XSS rules add a further layer, but they match known patterns and can be bypassed, so treat them as a stopgap rather than a fix. Regularly scan the application for XSS with automated tools, and re-test after the upgrade.
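As an added illustration (not code from GoldenHorn or from the advisory), the pattern the workaround above refers to, in JavaScript: a hypothetical search page rendered once without encoding and once with context-aware encoding, plus an allow-list check on the input side. The page, its field names and the payloads are all constructed for this example.

```javascript
// Added example (not GoldenHorn's code): the reflected-XSS pattern beside its
// context-aware encoded form, plus an allow-list validator for the input side.
// The search page, its field names and the payloads are constructed here.

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;', '/': '&#x2F;',
};

// Entity-encode a value for HTML element content or a quoted attribute value.
// Every character that can close a tag, an attribute or an entity is replaced.
function escapeHtml(value) {
  return String(value).replace(/[&<>"'\/]/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: reflects the search term verbatim into two contexts.
// Leaving the value unencoded is what lets an XSS payload execute.
function renderSearchVulnerable(term) {
  return `<h2>Results for ${term}</h2>\n<input name="q" value="${term}">`;
}

// Hardened: each interpolation is encoded, and the attribute is always quoted
// (an unquoted attribute would need a far stricter encoder).
function renderSearchHardened(term) {
  const safe = escapeHtml(term);
  return `<h2>Results for ${safe}</h2>\n<input name="q" value="${safe}">`;
}

// Defence in depth on the input side: letters, digits, space and a few
// punctuation marks only. This does not replace output encoding, because other
// output contexts (JavaScript strings, URLs) have other metacharacters.
function isValidSearchTerm(term) {
  return typeof term === 'string'
    && term.length <= 100
    && /^[\p{L}\p{N} _.-]*$/u.test(term);
}

// Does the rendered page contain a tag or attribute the template did not put there?
// Compare against a render of the empty term, so only payload-derived
// '<' and '"' characters count.
function introducesMarkup(render, term) {
  const count = (s, ch) => s.split(ch).length - 1;
  const base = render('');
  const out = render(term);
  return count(out, '<') > count(base, '<') || count(out, '"') > count(base, '"');
}

// Constructed payloads covering the element-content and attribute contexts.
const PAYLOADS = [
  '<script>alert(1)</script>',
  '"><img src=x onerror=alert(1)>',
  '" autofocus onfocus="alert(1)',
];

for (const p of PAYLOADS) {
  console.log(`payload ${JSON.stringify(p)}`);
  console.log(`  passes input allow-list: ${isValidSearchTerm(p)}`);
  console.log(`  vulnerable render introduces markup: ${introducesMarkup(renderSearchVulnerable, p)}`);
  console.log(`  hardened render introduces markup:   ${introducesMarkup(renderSearchHardened, p)}`);
}
```

The encoder is deliberately the same for element content and quoted attributes; if GoldenHorn or any other application writes user data into a `<script>` block, an event handler, or a URL, that context needs its own encoder, and an HTML entity encoder alone is not sufficient.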
Update GoldenHorn to version 4.25.1121.1 or later. This update addresses a Cross-Site Scripting (XSS) vulnerability that could allow attackers to execute malicious code in users' browsers. Applying the update as soon as possible is recommended to mitigate the risk.
CVE-2025-13127 is a Cross-Site Scripting (XSS) vulnerability affecting TAC Information Services' GoldenHorn application, allowing attackers to inject malicious scripts into web pages.
You are affected if you are running any GoldenHorn version prior to 4.25.1121.1. Upgrade to version 4.25.1121.1 or later to mitigate the risk.
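Added example, not vendor tooling: a version check in JavaScript that applies the affected range above to a constructed host inventory. The hostnames and version strings are made up; the only value taken from the advisory is the fixed version 4.25.1121.1. It also shows why a plain string comparison gets this wrong for a four-segment version like this one.

```javascript
// Added example (not vendor code): classify inventory entries against the
// advisory's fixed version. Hostnames and version strings are constructed.

const FIXED_VERSION = '4.25.1121.1'; // first fixed release per the advisory

// Split "4.25.1121.1" into [4, 25, 1121, 1]; reject anything that is not
// dotted integers so a typo in the inventory cannot silently pass as "fixed".
function parseVersion(v) {
  const parts = String(v).trim().split('.');
  if (!parts.every((p) => /^\d+$/.test(p))) {
    throw new Error(`unparseable version string: ${JSON.stringify(v)}`);
  }
  return parts.map(Number);
}

// Segment-wise numeric comparison; a missing trailing segment counts as 0,
// so "4.25.1121" sorts just below "4.25.1121.1".
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  const n = Math.max(pa.length, pb.length);
  for (let i = 0; i < n; i++) {
    const x = pa[i] ?? 0;
    const y = pb[i] ?? 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// Affected means strictly older than the fixed version.
function isAffected(installed) {
  return compareVersions(installed, FIXED_VERSION) < 0;
}

// Return the hosts that still need the upgrade, and separately the ones whose
// version string could not be parsed (those need a manual look, not a pass).
function triage(inventory) {
  const affected = [];
  const unknown = [];
  for (const { host, version } of inventory) {
    try {
      if (isAffected(version)) affected.push(host);
    } catch (e) {
      unknown.push(host);
    }
  }
  return { affected, unknown };
}

// Constructed inventory. Note gh-test-01: a plain string comparison would call
// "4.25.999.1" newer than "4.25.1121.1" because '9' sorts after '1'.
const SAMPLE_INVENTORY = [
  { host: 'gh-prod-01', version: '4.25.1121.1' },
  { host: 'gh-prod-02', version: '4.25.1120.3' },
  { host: 'gh-test-01', version: '4.25.999.1' },
  { host: 'gh-dev-01', version: '4.26.0.0' },
  { host: 'gh-old-01', version: 'unknown' },
];

console.log(triage(SAMPLE_INVENTORY));
```

Feed the function whatever your asset inventory exports (a CSV of host and version columns is enough); the point is that the comparison is numeric per segment, and that unparseable entries are surfaced rather than treated as patched.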
The recommended fix is to upgrade GoldenHorn to version 4.25.1121.1 or later. Implement input validation and output encoding as a temporary workaround.
There is no confirmed active exploitation of CVE-2025-13127 at this time, but it's crucial to apply the patch to prevent potential future attacks.
Refer to TAC Information Services' official security advisory for detailed information and updates regarding CVE-2025-13127.