PyPI package
taguette
pkg:pypi/taguette
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-67502 | — | < 1.5.2 | 1.5.2 | Dec 9, 2025 | Taguette is an open source qualitative research tool. In versions 1.5.1 and below, attackers can craft malicious URLs that redirect users to arbitrary external websites after authentication. The application accepts a user-controlled next parameter and uses it directly in HTTP re | ||
| CVE-2025-62528 | — | < 1.5.0 | 1.5.0 | Oct 20, 2025 | Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for a project member to put JavaScript in name or description fields which would run on project load. This issue has been patched in version 1.5 | ||
| CVE-2025-62527 | — | < 1.5.0 | 1.5.0 | Oct 20, 2025 | Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for an attacker to request password reset email containing a malicious link, allowing the attacker to set the email if clicked by the victim. Th |
- CVE-2025-67502Dec 9, 2025affected < 1.5.2fixed 1.5.2
Taguette is an open source qualitative research tool. In versions 1.5.1 and below, attackers can craft malicious URLs that redirect users to arbitrary external websites after authentication. The application accepts a user-controlled next parameter and uses it directly in HTTP re
- CVE-2025-62528Oct 20, 2025affected < 1.5.0fixed 1.5.0
Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for a project member to put JavaScript in name or description fields which would run on project load. This issue has been patched in version 1.5
- CVE-2025-62527Oct 20, 2025affected < 1.5.0fixed 1.5.0
Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for an attacker to request password reset email containing a malicious link, allowing the attacker to set the email if clicked by the victim. Th