GHSA-g9qw-g6rv-3889 | Medium | CVSS 5.4
Taguette vulnerable to cross-site scripting via tag name, tag description, document name and document description
🔗 CVE IDs covered (1)
- CVE-2025-62528
📋 Description
Impact
An issue has been discovered in Taguette versions prior to 1.5.0. A project member could put JavaScript in a tag or document name or description field, and that script would run on project load.
Patches
Users should upgrade to Taguette 1.5.0.
References
- https://gitlab.com/remram44/taguette/-/issues/330
🎯 Affected products (1)
- pip/taguette:< 1.5.0
🔗 References (5)
- https://github.com/remram44/taguette/security/advisories/GHSA-g9qw-g6rv-3889
- https://gitlab.com/remram44/taguette/-/issues/330
- https://nvd.nist.gov/vuln/detail/CVE-2025-62528
- https://github.com/pypa/advisory-database/tree/main/vulns/taguette/PYSEC-2025-188.yaml
- https://github.com/advisories/GHSA-g9qw-g6rv-3889