Описание
Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for a project member to put JavaScript in name or description fields which would run on project load. This issue has been patched in version 1.5.0.
Ссылки
- Issue TrackingVendor Advisory
- Issue TrackingVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.5.0 (исключая)
cpe:2.3:a:taguette:taguette:*:*:*:*:*:*:*:*
EPSS
Процентиль: 9%
0.00033
Низкий
5.4 Medium
CVSS3
5.4 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 5.4
github
4 месяца назад
Taguette vulnerable to cross-site scripting via tag name, tag description, document name and document description
EPSS
Процентиль: 9%
0.00033
Низкий
5.4 Medium
CVSS3
5.4 Medium
CVSS3
Дефекты
CWE-79