
Description

Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for a project member to put JavaScript in name or description fields which would run on project load. This issue has been patched in version 1.5.0.

PUBLISHED Reserved 2025-10-15 | Published 2025-10-20 | Updated 2025-10-20 | Assigner GitHub_M




MEDIUM: 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Problem types

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

< 1.5.0: affected

References

github.com/...guette/security/advisories/GHSA-g9qw-g6rv-3889

gitlab.com/remram44/taguette/-/issues/330

cve.org (CVE-2025-62528)

nvd.nist.gov (CVE-2025-62528)
