JavaScript Injection Vulnerability in Taguette by Remram44
CVE-2025-62528

5.4MEDIUM

Key Information:

Vendor

Remram44

Status
Taguette
Vendor
CVE Published:
20 October 2025

What is CVE-2025-62528?

An issue has been identified in Taguette, an open-source qualitative research tool, allowing project members to inject malicious JavaScript into name or description fields. This vulnerability can lead to unintended script execution during project load, potentially jeopardizing user data and security. The flaw has been addressed in version 1.5.0, emphasizing the importance of keeping software updated to mitigate such security risks.

Affected Version(s)

taguette < 1.5.0

References

https://github.com/remram44/taguette/security/advisories/...
x_refsource_CONFIRM
https://gitlab.com/remram44/taguette/-/issues/330
x_refsource_MISC

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-62528 : JavaScript Injection Vulnerability in Taguette by Remram44