Description
Taguette vulnerable to cross-site scripting via tag name, tag description, document name and document description
Impact
An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for a project member to put JavaScript in name or description fields which would run on project load.
Patches
Users should upgrade to Taguette 1.5.0.
References
Packages
Name: taguette (pip)
Affected versions: < 1.5.0
Fixed version: 1.5.0
Related vulnerabilities
CVSS3: 5.4
nvd
4 months ago
Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for a project member to put JavaScript in name or description fields which would run on project load. This issue has been patched in version 1.5.0.