VYPR
Moderate severityNVD Advisory· Published Oct 20, 2025· Updated Oct 20, 2025

Taguette cross-site scripting vulnerability via tag name, tag description, document name and document description

CVE-2025-62528

Description

Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for a project member to put JavaScript in name or description fields which would run on project load. This issue has been patched in version 1.5.0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
taguettePyPI
< 1.5.01.5.0

Affected products

2

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.