Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Taguette does not safeguard against Open Redirect
Vulnerability Description
Taguette is an open source qualitative research tool. In versions 1.5.1 and below, attackers can craft malicious URLs that redirect users to arbitrary external websites after authentication. The application accepts a user-controlled next parameter and uses it directly in HTTP redirects without any validation. This can be exploited for phishing attacks where victims believe they are interacting with a trusted Taguette instance but are redirected to a malicious site designed to steal credentials or deliver malware. This issue is fixed in version 1.5.2.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Vulnerability Type
指向未可信站点的URL重定向(开放重定向)
Vulnerability Title
Taguette 输入验证错误漏洞
Vulnerability Description
Taguette是Remi Rampin个人开发者的一个定性研究工具。 Taguette 1.5.1及之前版本存在输入验证错误漏洞,该漏洞源于next参数验证不足,可能导致钓鱼攻击。
CVSS Information
N/A
Vulnerability Type
N/A