漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Taguette does not safeguard against Open Redirect
Vulnerability Description
Taguette is an open source qualitative research tool. In versions 1.5.1 and below, attackers can craft malicious URLs that redirect users to arbitrary external websites after authentication. The application accepts a user-controlled next parameter and uses it directly in HTTP redirects without any validation. This can be exploited for phishing attacks where victims believe they are interacting with a trusted Taguette instance but are redirected to a malicious site designed to steal credentials or deliver malware. This issue is fixed in version 1.5.2.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Vulnerability Type
指向未可信站点的URL重定向(开放重定向)
Vulnerability Title
Taguette 输入验证错误漏洞
Vulnerability Description
Taguette是Remi Rampin个人开发者的一个定性研究工具。 Taguette 1.5.1及之前版本存在输入验证错误漏洞,该漏洞源于next参数验证不足,可能导致钓鱼攻击。
CVSS Information
N/A
Vulnerability Type
N/A