CVE-2025-62528 MEDIUM

CVE-2025-62528: Taguette cross-site scripting vulnerability via tag name, tag description, document name and document description

Vendor Remram44
Product taguette
Weakness CWE-79 · XSS
Published October 20, 2025
Last update October 20, 2025

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for a project member to put JavaScript in name or description fields which would run on project load. This issue has been patched in version 1.5.0.

Key dates

02Disclosure timeline

October 20, 2025 CVE published
October 20, 2025 Record updated