PT-2025-42806 · Taguette · Taguette

Published

2025-10-20

·

Updated

2025-10-22

·

CVE-2025-62528

CVSS v3.1

5.4

Medium

VectorAV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions Taguette versions prior to 1.5.0
Description A flaw exists in Taguette that allows a project member to inject JavaScript code into the name or description fields. This code could then execute when the project is loaded. There is no information about the number of potentially affected devices worldwide or any real-world incidents where this issue was exploited.
Recommendations Upgrade to Taguette version 1.5.0.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2025-62528
GHSA-G9QW-G6RV-3889
PYSEC-2025-188

Affected Products

Taguette