goldenhorn
Fixed in
4.25.1121.1
CVE-2025-13127 describes a Cross-Site Scripting (XSS) vulnerability within TAC Information Services' GoldenHorn application. This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users, potentially leading to data theft or session hijacking. The vulnerability impacts versions of GoldenHorn prior to 4.25.1121.1, and a patch is available to address the issue.
Successful exploitation of CVE-2025-13127 lets an attacker execute arbitrary JavaScript in the context of a victim's browser session with the GoldenHorn application. Because the script runs under the application's origin, it can read authentication tokens and personal data present in the page or entered into web forms, and session cookies that are not flagged HttpOnly. It can also issue requests to the application as the victim, redirect users to attacker-controlled sites, or deface the page, all without the victim's knowledge. The impact is more serious where GoldenHorn handles sensitive trade data or financial transactions, since actions performed in the victim's session inherit that user's permissions.
CVE-2025-13127 was publicly disclosed on 2025-12-10. The CVSS base score is 3.5 (LOW); note that CVSS rates severity, not likelihood of exploitation. The EPSS score of 0.04% (12th percentile) separately indicates a low estimated probability of exploitation in the wild. No public proof-of-concept (PoC) code had been released at the time of writing, and the vulnerability is not listed in the CISA KEV catalog.
Organizations running GoldenHorn for internal or external trade processes on any version prior to 4.25.1121.1 are at risk. Multi-tenant or shared-hosting deployments deserve particular attention: because an injected script executes in the victim's browser under the application's origin, a script injected through one tenant's data runs with that origin for every user who views the affected page when several tenants are served from the same origin.
Disclosure
Exploit status
EPSS
0.04% (12th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-13127 is to upgrade GoldenHorn to version 4.25.1121.1 or later. If an immediate upgrade is not possible, apply compensating controls: validate user-supplied input against an allow-list where the field has a known shape, and, more importantly, encode all untrusted data for the context in which it is rendered (HTML body, attribute, JavaScript, URL), since output encoding is what actually neutralises XSS. A Content Security Policy that disallows inline scripts and HttpOnly session cookies limit what an injected script can do. A Web Application Firewall (WAF) with XSS rules adds a layer of defence, but WAF signatures are routinely bypassed and are not a substitute for the patch. Scan the application regularly for XSS with automated tools and re-test after upgrading.
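The interim controls above, shown as an added example that is not GoldenHorn code and does not reflect the affected component: the vulnerable sink, the `renderComment` helpers, the `reference` field and its allowed alphabet are all hypothetical. The block contrasts string concatenation of untrusted data with context-aware HTML encoding, and shows allow-list validation for a field with a known shape. The payload is constructed for the demonstration.

```javascript
// Added example of output encoding and allow-list validation as interim XSS controls.
// None of this is GoldenHorn code; the sink and field names are hypothetical.

// The five characters that must be encoded when untrusted data is placed in an
// HTML text node or a quoted attribute value.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#x27;',
};

// Encode untrusted data for an HTML text or quoted-attribute context.
// '&' is handled by the same single pass, so already-encoded input is not double-decoded.
function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Vulnerable pattern: untrusted input concatenated straight into markup.
// A payload such as <img src=x onerror=...> becomes live markup for every viewer.
function renderCommentVulnerable(comment) {
  return '<div class="comment">' + comment + '</div>';
}

// Hardened pattern: identical output shape, but the data is encoded for its context,
// so the browser renders the payload as visible text instead of executing it.
function renderCommentSafe(comment) {
  return '<div class="comment">' + escapeHtml(comment) + '</div>';
}

// Allow-list validation for a hypothetical field with a known shape (a trade reference):
// reject anything outside the expected alphabet rather than trying to "clean" it.
// Validation is a defence in depth step; encoding at render time is still required
// for free-text fields that legitimately contain '<' or quotes.
const REFERENCE_PATTERN = /^[A-Z0-9-]{1,32}$/;
function isValidReference(value) {
  return typeof value === 'string' && REFERENCE_PATTERN.test(value);
}

// A Content-Security-Policy value that blocks inline and remote script injection;
// a reflected or stored payload then fails at the browser even if encoding is missed.
function cspHeaderValue() {
  return "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'";
}

// Constructed payload for the demonstration (not from any real report).
const SAMPLE_PAYLOAD = '<img src=x onerror="alert(document.cookie)">';

if (typeof require !== 'undefined' && require.main === module) {
  console.log('vulnerable:', renderCommentVulnerable(SAMPLE_PAYLOAD));
  console.log('hardened:  ', renderCommentSafe(SAMPLE_PAYLOAD));
  console.log('reference GH-2025-001 valid:', isValidReference('GH-2025-001'));
  console.log('CSP:', cspHeaderValue());
}
```

The encoding function is deliberately limited to the HTML text and attribute contexts; data placed inside a script block, a URL, or a CSS value needs the encoder for that context, which is why the upgrade, not this workaround, is the fix.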
Update GoldenHorn to version 4.25.1121.1 or later. This update fixes a Cross-Site Scripting (XSS) vulnerability that could allow attackers to execute malicious code in users' browsers. Applying the update as soon as possible is recommended to mitigate the risk.
CVE-2025-13127 is a Cross-Site Scripting (XSS) vulnerability affecting TAC Information Services' GoldenHorn application, allowing attackers to inject malicious scripts into web pages.
You are affected if you are running any GoldenHorn version prior to 4.25.1121.1. Upgrade to version 4.25.1121.1 or later to remove the vulnerability.
The recommended fix is to upgrade GoldenHorn to version 4.25.1121.1 or later. Input validation and context-aware output encoding are interim compensating controls, not a replacement for the patch.
There is no confirmed active exploitation of CVE-2025-13127 at this time, but the patch should still be applied: XSS bugs are routinely weaponised once details become public.
Refer to TAC Information Services' official security advisory for detailed information and updates regarding CVE-2025-13127.