Description

Agate is central authentication server software for OBiBa epidemiology applications. Prior to version 3.3.0, when registering for an Agate account, arbitrary HTML code can be injected into a user's first and last name. This HTML is then rendered in the email sent to administrative users. The Agate service account sends this email and appears trustworthy, making this a significant risk for phishing attacks. Administrative users are impacted, as they can be targeted by unauthenticated users. Version 3.3.0 fixes the issue.

INFO

Published Date :

2025-03-17T13:11:53.696Z

Last Modified :

2025-03-17T13:31:23.176Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-27102 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-27102.

URL Resource
https://github.com/obiba/agate/releases/tag/3.3.0 cve-icon cve-icon
https://github.com/obiba/agate/security/advisories/GHSA-v3wj-7vj5-xj5v cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability