PatchSiren

Talend CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH Talend CVE published 2026-05-20

CVE-2026-9057

A broken access control vulnerability in Talend Administration Center allows low-privileged users with only 'View' permission to modify the Talend Studio update URL. This could enable supply chain attacks by redirecting update requests to attacker-controlled infrastructure. The vulnerability carries a HIGH severity CVSS score of 8.2, with a network attack vector, low privileges required, and high impact to conf [truncated]

MEDIUM Talend CVE published 2026-05-20

CVE-2026-9056

A stored cross-site scripting (XSS) vulnerability exists in the Talend Administration Center. An attacker with server management permissions can store a malicious payload that executes when triggered by a different user. Exploitation has low attack complexity, requires user interaction, and uses a network-based attack vector. The CVSS 3.1 score of 5.4 reflects medium severity due to the need for authenticat [truncated]