exploitDog

CVE-2025-62527

Опубликовано: 20 окт. 2025

Источник: nvd

CVSS3: 7.1

EPSS Низкий

Описание

Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for an attacker to request password reset email containing a malicious link, allowing the attacker to set the email if clicked by the victim. This issue has been patched in version 1.5.0.

Ссылки

https://github.com/remram44/taguette/security/advisories/GHSA-7rc8-5c8q-jr6j
Issue Tracking
Vendor Advisory
https://gitlab.com/remram44/taguette/-/issues/331
Issue Tracking
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:taguette:taguette:*:*:*:*:*:*:*:*

Версия до 1.5.0 (включая)

EPSS

Процентиль: 10%

0.00036

Низкий

7.1 High

CVSS3

Дефекты

CWE-15

Связанные уязвимости

GHSA-7rc8-5c8q-jr6j

CVSS3: 7.1

github

4 месяца назад

Taguette password reset link poisoning

EPSS

Процентиль: 10%

0.00036

Низкий

7.1 High

CVSS3

Дефекты

CWE-15