Description
Taiga is a project management platform for startups and agile developers. Prior to 6.9.1, Taiga front is vulnerable to stored XSS. This vulnerability is fixed in 6.9.1.
Published: 2026-05-11
Score: 5.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Taiga front is vulnerable to stored XSS, allowing an attacker to inject malicious scripts that are later executed in the browsers of users viewing the affected content. The weakness, classified as CWE‑79, can lead to session hijacking, defacement, or theft of sensitive client‑side information. The injected script is persisted in saved data fields, meaning any user who can input data into the front‑end may influence scripts delivered to other users.

Affected Systems

The taigaio taiga‑front product is affected. All releases prior to version 6.9.1 are susceptible. Upgrading to version 6.9.1 or later includes the fix. No other products or versions are listed as impacted.

Risk and Exploitability

The CVSS score of 5.7 indicates moderate severity. The EPSS score is not available, and the vulnerability is not listed in CISA KEV, suggesting no widespread commercial exploitation has been documented. The likely attack vector involves user input that is stored by the front‑end; any authenticated or unauthenticated user capable of creating or editing stored content could trigger the exploit. Because the issue is a stored XSS, it requires access to the affected system or a compromised account to supply malicious payloads.

Generated by OpenCVE AI on May 11, 2026 at 18:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the taiga‑front product to version 6.9.1 or later.
  • If immediate patching is infeasible, block or disable any features that allow arbitrary HTML or JavaScript to be stored and rendered, such as comments, notes, or description fields, until the fix is applied.
  • Implement server‑side input sanitization to escape or strip dangerous characters from user‑supplied content before it is stored and displayed.

Generated by OpenCVE AI on May 11, 2026 at 18:21 UTC.

Advisories

No advisories yet.

History

Tue, 12 May 2026 18:30:00 +0000

Type Values Removed Values Added
References

Mon, 11 May 2026 18:45:00 +0000

Type Values Removed Values Added
First Time appeared Taigaio
Taigaio taiga Front
Vendors & Products Taigaio
Taigaio taiga Front

Mon, 11 May 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 11 May 2026 17:30:00 +0000

Type Values Removed Values Added
Description Taiga is a project management platform for startups and agile developers. Prior to 6.9.1, Taiga front is vulnerable to stored XSS. This vulnerability is fixed in 6.9.1.
Title XSS in taiga-front
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 5.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-12T17:39:07.742Z

Reserved: 2026-04-18T03:47:03.136Z

Link: CVE-2026-41250

Vulnrichment

Updated: 2026-05-11T17:24:29.888Z

NVD

Status: Received

Published: 2026-05-11T18:16:33.837

Modified: 2026-05-12T18:17:22.347

Link: CVE-2026-41250

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-11T18:30:05Z
