Impact
A stored cross-site scripting vulnerability has been identified in the Talend Administration Center. An attacker who has permission to manage servers can embed a malicious XSS payload that is persisted by the application. When another user accesses the affected portion of the console, the payload executes in their browser, allowing the attacker to steal authentication tokens, inject malicious scripts, or manipulate the user interface. The weakness corresponds to CWE‑79, representing improper neutralization of input during web page generation.
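The following is an added illustration of the CWE-79 pattern described above and is not code from Talend or from the advisory. It assumes a hypothetical console page that renders a persisted server record into an HTML table: the first renderer interpolates the stored name unchanged (the defect class), the second HTML-encodes every untrusted field at output time (the standard mitigation). The sample record is constructed for the example.

```javascript
// Added example, not Talend's code. Shows why a stored value that reaches the page
// unencoded becomes a stored XSS (CWE-79) and how output encoding neutralises it.

// Encode the five characters that can change HTML context. Applied at render time,
// so the value can be stored verbatim and still cannot introduce markup.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#x27;');
}

// Constructed sample: a server entry as a server-management user might persist it.
// The name carries markup; nothing about the record itself is blocked on write.
const storedServer = { name: 'build-01<script>x()</script>', host: '10.0.0.5' };

// Vulnerable renderer (hypothetical): trusts persisted data and interpolates it raw.
function renderServerRowVulnerable(server) {
  return `<tr><td>${server.name}</td><td>${server.host}</td></tr>`;
}

// Hardened renderer (hypothetical): every untrusted field is encoded for HTML text context.
function renderServerRowSafe(server) {
  return `<tr><td>${escapeHtml(server.name)}</td><td>${escapeHtml(server.host)}</td></tr>`;
}

// Review/detection helper: true if rendered markup still contains a live script tag
// that came from stored input (the encoded form "&lt;script" does not match).
function containsRawTag(html) {
  return /<script\b/i.test(html);
}

// Stand-alone demonstration.
console.log('vulnerable:', renderServerRowVulnerable(storedServer));
console.log('safe:      ', renderServerRowSafe(storedServer));
console.log('raw tag in vulnerable output:', containsRawTag(renderServerRowVulnerable(storedServer)));
console.log('raw tag in safe output:      ', containsRawTag(renderServerRowSafe(storedServer)));
```

Encoding is applied on output rather than on input because the same stored value may later be rendered in other contexts (JSON, logs, attribute values) that need different encoding; a Content-Security-Policy that disallows inline script is a useful second layer but does not replace context-correct encoding.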
Affected Systems
The vulnerability impacts Talend Administration Center, a product supplied by Talend. No specific version range is published in the CNA data; administrators should confirm whether their installation incorporates the fix referenced in the vendor advisory. Any installation that permits a server‑management role to persist data is potentially affected.
Risk and Exploitability
The CVSS base score of 5.4 indicates moderate severity. No EPSS score is provided, and the vulnerability is not listed in the CISA KEV catalog, suggesting limited evidence of exploitation. The attack requires the attacker to possess server‑management permissions to embed the payload; once stored, a different authenticated user becomes vulnerable when accessing the console. This implies that compromised privileged accounts or poorly controlled server‑management permissions present the main risk vectors. The lack of widespread exploitation evidence reduces the immediate threat, yet the potential impact on privileged users remains significant.
OpenCVE Enrichment