CWE-1022
AllowedUse of Web Link to Untrusted Target with window.opener Access
Abstraction: Variant · Status: Incomplete
The web application produces links to untrusted external sites outside of its sphere of control, but it does not properly prevent the external site from modifying security-critical properties of the window.opener object, such as the location property.
26 vulnerabilities reference this CWE, most recent first.
CVE-2018-25089 (GCVE-0-2018-25089)
Vulnerability from cvelistv5 – Published: 2023-08-28 12:31 – Updated: 2024-09-30 17:50- CWE-1022 - Use of Web Link to Untrusted Target with window.opener Access
| URL | Tags |
|---|---|
| https://vuldb.com/?id.238157 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.238157 | signaturepermissions-required |
| https://github.com/glb/mediawiki-tag-extension-me… | patch |
| https://github.com/glb/mediawiki-tag-extension-me… | patch |
| Vendor | Product | Version | |
|---|---|---|---|
| glb | Meetup Tag Extension |
Affected:
0.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:33:47.884Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.238157"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.238157"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/glb/mediawiki-tag-extension-meetup/commit/850c726d6bbfe0bf270801fbb92a30babea4155c"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/glb/mediawiki-tag-extension-meetup/releases/tag/v0.2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-25089",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-30T17:49:57.600187Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-30T17:50:45.123Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Link Attribute Handler"
],
"product": "Meetup Tag Extension",
"vendor": "glb",
"versions": [
{
"status": "affected",
"version": "0.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "tool",
"value": "VulDB GitHub Commit Analyzer"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in glb Meetup Tag Extension 0.1 on MediaWiki. It has been rated as problematic. This issue affects some unknown processing of the component Link Attribute Handler. The manipulation leads to use of web link to untrusted target with window.opener access. Upgrading to version 0.2 is able to address this issue. The identifier of the patch is 850c726d6bbfe0bf270801fbb92a30babea4155c. It is recommended to upgrade the affected component. The identifier VDB-238157 was assigned to this vulnerability."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in glb Meetup Tag Extension 0.1 f\u00fcr MediaWiki ausgemacht. Sie wurde als problematisch eingestuft. Dies betrifft einen unbekannten Teil der Komponente Link Attribute Handler. Durch das Manipulieren mit unbekannten Daten kann eine use of web link to untrusted target with window.opener access-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 0.2 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 850c726d6bbfe0bf270801fbb92a30babea4155c bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.7,
"vectorString": "AV:A/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1022",
"description": "CWE-1022 Use of Web Link to Untrusted Target with window.opener Access",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-20T12:43:24.091Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.238157"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.238157"
},
{
"tags": [
"patch"
],
"url": "https://github.com/glb/mediawiki-tag-extension-meetup/commit/850c726d6bbfe0bf270801fbb92a30babea4155c"
},
{
"tags": [
"patch"
],
"url": "https://github.com/glb/mediawiki-tag-extension-meetup/releases/tag/v0.2"
}
],
"timeline": [
{
"lang": "en",
"time": "2018-02-22T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2018-02-22T00:00:00.000Z",
"value": "Countermeasure disclosed"
},
{
"lang": "en",
"time": "2023-08-26T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-08-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-09-20T17:26:00.000Z",
"value": "VulDB entry last update"
}
],
"title": "glb Meetup Tag Extension Link Attribute reverse tabnabbing"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2018-25089",
"datePublished": "2023-08-28T12:31:04.889Z",
"dateReserved": "2023-08-26T20:13:13.681Z",
"dateUpdated": "2024-09-30T17:50:45.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-25058 (GCVE-0-2018-25058)
Vulnerability from cvelistv5 – Published: 2022-12-29 07:56 – Updated: 2024-08-05 12:26- CWE-1022 - Use of Web Link to Untrusted Target with window.opener Access
| URL | Tags |
|---|---|
| https://vuldb.com/?id.217017 | vdb-entry |
| https://vuldb.com/?ctiid.217017 | signaturepermissions-required |
| https://github.com/jasonmayes/Twitter-Post-Fetche… | issue-tracking |
| https://github.com/jasonmayes/Twitter-Post-Fetche… | patch |
| https://github.com/jasonmayes/Twitter-Post-Fetche… | patch |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Twitter-Post-Fetcher |
Affected:
17.x
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:26:39.697Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://vuldb.com/?id.217017"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.217017"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/jasonmayes/Twitter-Post-Fetcher/pull/170"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/jasonmayes/Twitter-Post-Fetcher/commit/7d281c6fb5acbc29a2cad295262c1f0c19ca56f3"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/jasonmayes/Twitter-Post-Fetcher/releases/tag/18.0.0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"Link Target Handler"
],
"product": "Twitter-Post-Fetcher",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "17.x"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in Twitter-Post-Fetcher up to 17.x. This affects an unknown part of the file js/twitterFetcher.js of the component Link Target Handler. The manipulation leads to use of web link to untrusted target with window.opener access. It is possible to initiate the attack remotely. Upgrading to version 18.0.0 is able to address this issue. The name of the patch is 7d281c6fb5acbc29a2cad295262c1f0c19ca56f3. It is recommended to upgrade the affected component. The identifier VDB-217017 was assigned to this vulnerability."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Twitter-Post-Fetcher bis 17.x entdeckt. Sie wurde als problematisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Datei js/twitterFetcher.js der Komponente Link Target Handler. Durch das Beeinflussen mit unbekannten Daten kann eine use of web link to untrusted target with window.opener access-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Ein Aktualisieren auf die Version 18.0.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 7d281c6fb5acbc29a2cad295262c1f0c19ca56f3 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1022",
"description": "CWE-1022 Use of Web Link to Untrusted Target with window.opener Access",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-29T07:56:13.976Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.217017"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.217017"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/jasonmayes/Twitter-Post-Fetcher/pull/170"
},
{
"tags": [
"patch"
],
"url": "https://github.com/jasonmayes/Twitter-Post-Fetcher/commit/7d281c6fb5acbc29a2cad295262c1f0c19ca56f3"
},
{
"tags": [
"patch"
],
"url": "https://github.com/jasonmayes/Twitter-Post-Fetcher/releases/tag/18.0.0"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-12-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2022-12-29T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2022-12-29T09:01:10.000Z",
"value": "VulDB last update"
}
],
"title": "Twitter-Post-Fetcher Link Target twitterFetcher.js reverse tabnabbing"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2018-25058",
"datePublished": "2022-12-29T07:56:13.976Z",
"dateReserved": "2022-12-29T07:54:07.873Z",
"dateUpdated": "2024-08-05T12:26:39.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GHSA-588M-9QG5-35PQ
Vulnerability from github – Published: 2020-09-03 17:19 – Updated: 2021-09-28 22:06Versions of quill prior to 1.3.7 are vulnerable to Reverse Tabnabbing. The package uses target='_blank' in anchor tags, allowing attackers to access window.opener for the original page when opening links. This is commonly used for phishing attacks.
Recommendation
No fix is currently available. Consider using an alternative package until a fix is made available.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "quill"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.3.7"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-1022"
],
"github_reviewed": true,
"github_reviewed_at": "2020-08-31T18:45:03Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "Versions of `quill` prior to 1.3.7 are vulnerable to [Reverse Tabnabbing](https://www.owasp.org/index.php/Reverse_Tabnabbing). The package uses `target=\u0027_blank\u0027` in anchor tags, allowing attackers to access `window.opener` for the original page when opening links. This is commonly used for phishing attacks.\n\n\n## Recommendation\n\nNo fix is currently available. Consider using an alternative package until a fix is made available.",
"id": "GHSA-588m-9qg5-35pq",
"modified": "2021-09-28T22:06:18Z",
"published": "2020-09-03T17:19:09Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/quilljs/quill/issues/2438"
},
{
"type": "WEB",
"url": "https://github.com/quilljs/quill/pull/2674"
},
{
"type": "PACKAGE",
"url": "https://github.com/quilljs/quill"
},
{
"type": "WEB",
"url": "https://www.npmjs.com/advisories/1039"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Reverse Tabnabbing in quill"
}
GHSA-74HC-57M5-83CH
Vulnerability from github – Published: 2022-12-22 12:30 – Updated: 2022-12-29 19:23A vulnerability was found in ahorner text-helpers 1.1.0/1.1.1. This vulnerability affects unknown code of the file lib/text_helpers/translation.rb. The manipulation of the argument link leads to use of web link to untrusted target with window.opener access. The attack can be initiated remotely. Upgrading to version 1.2.0 can address this issue. The name of the patch is 184b60ded0e43c985788582aca2d1e746f9405a3. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216520.
{
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "text_helpers"
},
"ranges": [
{
"events": [
{
"introduced": "1.1.0"
},
{
"fixed": "1.2.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-36624"
],
"database_specific": {
"cwe_ids": [
"CWE-1022",
"CWE-266"
],
"github_reviewed": true,
"github_reviewed_at": "2022-12-22T20:03:04Z",
"nvd_published_at": "2022-12-22T10:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in ahorner text-helpers 1.1.0/1.1.1. This vulnerability affects unknown code of the file lib/text_helpers/translation.rb. The manipulation of the argument link leads to use of web link to untrusted target with window.opener access. The attack can be initiated remotely. Upgrading to version 1.2.0 can address this issue. The name of the patch is 184b60ded0e43c985788582aca2d1e746f9405a3. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216520.",
"id": "GHSA-74hc-57m5-83ch",
"modified": "2022-12-29T19:23:01Z",
"published": "2022-12-22T12:30:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36624"
},
{
"type": "WEB",
"url": "https://github.com/ahorner/text-helpers/pull/19"
},
{
"type": "WEB",
"url": "https://github.com/ahorner/text-helpers/commit/184b60ded0e43c985788582aca2d1e746f9405a3"
},
{
"type": "PACKAGE",
"url": "https://github.com/ahorner/text-helpers"
},
{
"type": "WEB",
"url": "https://github.com/ahorner/text-helpers/releases/tag/v1.1.0"
},
{
"type": "WEB",
"url": "https://github.com/ahorner/text-helpers/releases/tag/v1.2.0"
},
{
"type": "WEB",
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/text_helpers/CVE-2020-36624.yml"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.216520"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "text_helpers uses web link to untrusted target with window.opener access"
}
GHSA-8QCF-755R-4VHW
Vulnerability from github – Published: 2024-12-25 15:30 – Updated: 2025-01-10 21:31IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 uses a web link with untrusted references to an external site. A remote attacker could exploit this vulnerability to expose sensitive information or perform unauthorized actions on the victims’ web browser.
{
"affected": [],
"aliases": [
"CVE-2024-39727"
],
"database_specific": {
"cwe_ids": [
"CWE-1022"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-25T14:15:22Z",
"severity": "MODERATE"
},
"details": "IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3\u00a0uses a web link with untrusted references to an external site. A remote attacker could exploit this vulnerability to expose sensitive information or perform unauthorized actions on the victims\u2019 web browser.",
"id": "GHSA-8qcf-755r-4vhw",
"modified": "2025-01-10T21:31:26Z",
"published": "2024-12-25T15:30:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39727"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7176783"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-9J82-QGPC-G3MQ
Vulnerability from github – Published: 2022-08-23 00:00 – Updated: 2022-08-24 00:00The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not set rel="noopener noreferer" on generated links, which can lead to Tab Nabbing by giving the target site access to the source tab through the window.opener DOM object.
{
"affected": [],
"aliases": [
"CVE-2022-2600"
],
"database_specific": {
"cwe_ids": [
"CWE-1022"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-22T15:15:00Z",
"severity": "MODERATE"
},
"details": "The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not set rel=\"noopener noreferer\" on generated links, which can lead to Tab Nabbing by giving the target site access to the source tab through the window.opener DOM object.",
"id": "GHSA-9j82-qgpc-g3mq",
"modified": "2022-08-24T00:00:29Z",
"published": "2022-08-23T00:00:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2600"
},
{
"type": "WEB",
"url": "https://wpscan.com/vulnerability/01bbdefd-bdc3-43ef-9f35-6e7ebe786be2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-FH98-FX6F-2PF6
Vulnerability from github – Published: 2022-05-31 00:00 – Updated: 2022-06-10 00:00The External Links in New Window / New Tab WordPress plugin before 1.43 does not ensure window.opener is set to "null" when links to external sites are clicked, which may enable tabnabbing attacks to occur.
{
"affected": [],
"aliases": [
"CVE-2022-1583"
],
"database_specific": {
"cwe_ids": [
"CWE-1022"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-05-30T09:15:00Z",
"severity": "MODERATE"
},
"details": "The External Links in New Window / New Tab WordPress plugin before 1.43 does not ensure window.opener is set to \"null\" when links to external sites are clicked, which may enable tabnabbing attacks to occur.",
"id": "GHSA-fh98-fx6f-2pf6",
"modified": "2022-06-10T00:00:53Z",
"published": "2022-05-31T00:00:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1583"
},
{
"type": "WEB",
"url": "https://wpscan.com/vulnerability/aa9d727c-4d17-4220-b8cb-e6dec30361a9"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-H6MQ-3CJ6-H738
Vulnerability from github – Published: 2020-09-03 23:21 – Updated: 2021-10-01 16:12Versions of showdown prior to 1.9.1 are vulnerable to Reverse Tabnabbing. The package uses target='_blank' in anchor tags, allowing attackers to access window.opener for the original page when opening links. This is commonly used for phishing attacks.
Recommendation
Upgrade to version 1.9.1 or later.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "showdown"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.9.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-1022"
],
"github_reviewed": true,
"github_reviewed_at": "2020-08-31T18:54:24Z",
"nvd_published_at": null,
"severity": "LOW"
},
"details": "Versions of `showdown` prior to 1.9.1 are vulnerable to [Reverse Tabnabbing](https://www.owasp.org/index.php/Reverse_Tabnabbing). The package uses `target=\u0027_blank\u0027` in anchor tags, allowing attackers to access `window.opener` for the original page when opening links. This is commonly used for phishing attacks.\n\n\n## Recommendation\n\nUpgrade to version 1.9.1 or later.",
"id": "GHSA-h6mq-3cj6-h738",
"modified": "2021-10-01T16:12:36Z",
"published": "2020-09-03T23:21:16Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/showdownjs/showdown/pull/670"
},
{
"type": "WEB",
"url": "https://github.com/showdownjs/showdown/commit/1cd281f0643ef613dc1d36847d4c6cbb22501d91"
},
{
"type": "PACKAGE",
"url": "https://github.com/showdownjs/showdown"
},
{
"type": "WEB",
"url": "https://snyk.io/vuln/SNYK-JS-SHOWDOWN-469487"
},
{
"type": "WEB",
"url": "https://www.npmjs.com/advisories/1302"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Reverse Tabnabbing in showdown"
}
GHSA-J9JV-927J-JJRM
Vulnerability from github – Published: 2023-03-05 21:30 – Updated: 2023-03-13 18:30A vulnerability was found in ualbertalib NEOSDiscovery 1.0.70 and classified as problematic. This issue affects some unknown processing of the file app/views/bookmarks/_refworks.html.erb. The manipulation leads to use of web link to untrusted target with window.opener access. The attack may be initiated remotely. Upgrading to version 1.0.71 is able to address this issue. The name of the patch is abe9f57123e0c278ae190cd7402a623d66c51375. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222287.
{
"affected": [],
"aliases": [
"CVE-2022-4927"
],
"database_specific": {
"cwe_ids": [
"CWE-1022",
"CWE-601"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-03-05T20:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in ualbertalib NEOSDiscovery 1.0.70 and classified as problematic. This issue affects some unknown processing of the file app/views/bookmarks/_refworks.html.erb. The manipulation leads to use of web link to untrusted target with window.opener access. The attack may be initiated remotely. Upgrading to version 1.0.71 is able to address this issue. The name of the patch is abe9f57123e0c278ae190cd7402a623d66c51375. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222287.",
"id": "GHSA-j9jv-927j-jjrm",
"modified": "2023-03-13T18:30:43Z",
"published": "2023-03-05T21:30:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4927"
},
{
"type": "WEB",
"url": "https://github.com/ualbertalib/NEOSDiscovery/pull/547"
},
{
"type": "WEB",
"url": "https://github.com/ualbertalib/NEOSDiscovery/commit/abe9f57123e0c278ae190cd7402a623d66c51375"
},
{
"type": "WEB",
"url": "https://github.com/ualbertalib/NEOSDiscovery/releases/tag/1.0.71"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.222287"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.222287"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-M688-CX2P-RGQ9
Vulnerability from github – Published: 2022-12-29 09:30 – Updated: 2023-01-09 21:50A vulnerability classified as problematic has been found in Twitter-Post-Fetcher up to 17.x. This affects an unknown part of the file js/twitterFetcher.js of the component Link Target Handler. The manipulation leads to use of web link to untrusted target with window.opener access. It is possible to initiate the attack remotely. Upgrading to version 18.0.0 can address this issue. The name of the patch is 7d281c6fb5acbc29a2cad295262c1f0c19ca56f3. It is recommended to upgrade the affected component. The identifier VDB-217017 was assigned to this vulnerability.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "twitter-fetcher-js"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "18.0.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2018-25058"
],
"database_specific": {
"cwe_ids": [
"CWE-1022"
],
"github_reviewed": true,
"github_reviewed_at": "2023-01-09T21:50:29Z",
"nvd_published_at": "2022-12-29T08:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability classified as problematic has been found in Twitter-Post-Fetcher up to 17.x. This affects an unknown part of the file `js/twitterFetcher.js` of the component Link Target Handler. The manipulation leads to use of web link to untrusted target with window.opener access. It is possible to initiate the attack remotely. Upgrading to version 18.0.0 can address this issue. The name of the patch is 7d281c6fb5acbc29a2cad295262c1f0c19ca56f3. It is recommended to upgrade the affected component. The identifier VDB-217017 was assigned to this vulnerability.",
"id": "GHSA-m688-cx2p-rgq9",
"modified": "2023-01-09T21:50:29Z",
"published": "2022-12-29T09:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-25058"
},
{
"type": "WEB",
"url": "https://github.com/jasonmayes/Twitter-Post-Fetcher/pull/170"
},
{
"type": "WEB",
"url": "https://github.com/jasonmayes/Twitter-Post-Fetcher/commit/7d281c6fb5acbc29a2cad295262c1f0c19ca56f3"
},
{
"type": "PACKAGE",
"url": "https://github.com/jasonmayes/Twitter-Post-Fetcher"
},
{
"type": "WEB",
"url": "https://github.com/jasonmayes/Twitter-Post-Fetcher/releases/tag/18.0.0"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.217017"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.217017"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Twitter-Post-Fetcher vulnerable to Use of Web Link to Untrusted Target with window.opener Access"
}
Mitigation
Specify in the design that any linked external document must not be granted access to the location object of the calling page.
Mitigation
- When creating a link to an external document using the <a> tag with a defined target, for example "_blank" or a named frame, provide the rel attribute with a value "noopener noreferrer".
- If opening the external document in a new window via javascript, then reset the opener by setting it equal to null.
Mitigation
Do not use "_blank" targets. However, this can affect the usability of the application.
No CAPEC attack patterns related to this CWE.