{"id":"GHSA-7rc8-5c8q-jr6j","summary":"Taguette password reset link poisoning","details":"### Impact\nAn issue has been discovered in Taguette versions prior to 1.5.0. It was possible for an attacker to request a password reset email containing a malicious link, allowing the attacker to set the email if the victim clicked the link.\n\n### Patches\nUsers should upgrade to Taguette 1.5.0.\n\n### References\n- https://gitlab.com/remram44/taguette/-/issues/331","aliases":["CVE-2025-62527"],"modified":"2025-10-22T17:12:15.899028Z","published":"2025-10-20T20:08:45Z","database_specific":{"nvd_published_at":"2025-10-20T20:15:37Z","github_reviewed_at":"2025-10-20T20:08:45Z","github_reviewed":true,"cwe_ids":["CWE-15"],"severity":"HIGH"},"references":[{"type":"WEB","url":"https://github.com/remram44/taguette/security/advisories/GHSA-7rc8-5c8q-jr6j"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-62527"},{"type":"PACKAGE","url":"https://github.com/remram44/taguette"},{"type":"WEB","url":"https://gitlab.com/remram44/taguette/-/issues/331"}],"affected":[{"package":{"name":"taguette","ecosystem":"PyPI","purl":"pkg:pypi/taguette"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.5.0"}]}],"versions":["0.0","0.0.1","0.1","0.10","0.10.1","0.11","0.2","0.3","0.4","0.4.1","0.4.2","0.4.3","0.4.4","0.5.post1","0.6","0.7","0.8","0.9","0.9.1","0.9.2","1.0.0","1.0.1","1.1.0","1.1.1","1.2.0","1.3.0","1.4.1"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/10/GHSA-7rc8-5c8q-jr6j/GHSA-7rc8-5c8q-jr6j.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N"}]}