CVE-2025-13127 PUBLISHED

XSS in TACAS Consulting's GoldenHorn

Assigner: TR-CERT
Reserved: 13.11.2025 Published: 10.12.2025 Updated: 10.12.2025

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in TAC Information Services Internal and External Trade Inc. GoldenHorn allows Cross-Site Scripting (XSS).This issue affects GoldenHorn: before 4.25.1121.1.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
CVSS Score: 3.5

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	Low
Privileges Required	Low	Integrity Impact	None
User Interaction	Required	Availability Impact	None

CVSS 3.1

Product Status

Vendor	TAC Information Services Internal and External Trade Inc.
Product	GoldenHorn
Versions	Default: unaffected affected from 0 to 4.25.1121.1 (excl.)

Credits

Samet YILMAZ finder

References

https://www.usom.gov.tr/bildirim/tr-25-0441

Problem Types

CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') CWE

Impacts

CAPEC-63 Cross-Site Scripting (XSS)