Home

CVE-2025-62528

Description

Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for a project member to put JavaScript in name or description fields which would run on project load. This issue has been patched in version 1.5.0.

Risk Information

Base Score
5.4
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
EPSS Score
Exploitation Probability
0.021

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2025-62527,CVE-2025-62528 are fixed in Python-taguette 1.5.0Windows
Vulnerabilities CVE-2025-62527,CVE-2025-62528 are fixed in Python-taguette for linux 1.5.0Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234