Common Weakness Enumeration

CWE-1022

Allowed

Use of Web Link to Untrusted Target with window.opener Access

Abstraction: Variant · Status: Incomplete

The web application produces links to untrusted external sites outside of its sphere of control, but it does not properly prevent the external site from modifying security-critical properties of the window.opener object, such as the location property.

26 vulnerabilities reference this CWE, most recent first.

CVE-2018-25089 (GCVE-0-2018-25089)

Vulnerability from cvelistv5 – Published: 2023-08-28 12:31 – Updated: 2024-09-30 17:50
VLAI
Title
glb Meetup Tag Extension Link Attribute reverse tabnabbing
Summary
A vulnerability was found in glb Meetup Tag Extension 0.1 on MediaWiki. It has been rated as problematic. This issue affects some unknown processing of the component Link Attribute Handler. The manipulation leads to use of web link to untrusted target with window.opener access. Upgrading to version 0.2 is able to address this issue. The identifier of the patch is 850c726d6bbfe0bf270801fbb92a30babea4155c. It is recommended to upgrade the affected component. The identifier VDB-238157 was assigned to this vulnerability.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1022 - Use of Web Link to Untrusted Target with window.opener Access
Assigner
References
Impacted products
Credits
VulDB GitHub Commit Analyzer
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T12:33:47.884Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.238157"
          },
          {
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.238157"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/glb/mediawiki-tag-extension-meetup/commit/850c726d6bbfe0bf270801fbb92a30babea4155c"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/glb/mediawiki-tag-extension-meetup/releases/tag/v0.2"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-25089",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-30T17:49:57.600187Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-30T17:50:45.123Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "Link Attribute Handler"
          ],
          "product": "Meetup Tag Extension",
          "vendor": "glb",
          "versions": [
            {
              "status": "affected",
              "version": "0.1"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "tool",
          "value": "VulDB GitHub Commit Analyzer"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in glb Meetup Tag Extension 0.1 on MediaWiki. It has been rated as problematic. This issue affects some unknown processing of the component Link Attribute Handler. The manipulation leads to use of web link to untrusted target with window.opener access. Upgrading to version 0.2 is able to address this issue. The identifier of the patch is 850c726d6bbfe0bf270801fbb92a30babea4155c. It is recommended to upgrade the affected component. The identifier VDB-238157 was assigned to this vulnerability."
        },
        {
          "lang": "de",
          "value": "Eine Schwachstelle wurde in glb Meetup Tag Extension 0.1 f\u00fcr MediaWiki ausgemacht. Sie wurde als problematisch eingestuft. Dies betrifft einen unbekannten Teil der Komponente Link Attribute Handler. Durch das Manipulieren mit unbekannten Daten kann eine use of web link to untrusted target with window.opener access-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 0.2 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 850c726d6bbfe0bf270801fbb92a30babea4155c bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 2.7,
            "vectorString": "AV:A/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1022",
              "description": "CWE-1022 Use of Web Link to Untrusted Target with window.opener Access",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-20T12:43:24.091Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.238157"
        },
        {
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.238157"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/glb/mediawiki-tag-extension-meetup/commit/850c726d6bbfe0bf270801fbb92a30babea4155c"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/glb/mediawiki-tag-extension-meetup/releases/tag/v0.2"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2018-02-22T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2018-02-22T00:00:00.000Z",
          "value": "Countermeasure disclosed"
        },
        {
          "lang": "en",
          "time": "2023-08-26T00:00:00.000Z",
          "value": "CVE reserved"
        },
        {
          "lang": "en",
          "time": "2023-08-26T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2023-09-20T17:26:00.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "glb Meetup Tag Extension Link Attribute reverse tabnabbing"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2018-25089",
    "datePublished": "2023-08-28T12:31:04.889Z",
    "dateReserved": "2023-08-26T20:13:13.681Z",
    "dateUpdated": "2024-09-30T17:50:45.123Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-25058 (GCVE-0-2018-25058)

Vulnerability from cvelistv5 – Published: 2022-12-29 07:56 – Updated: 2024-08-05 12:26
VLAI
Title
Twitter-Post-Fetcher Link Target twitterFetcher.js reverse tabnabbing
Summary
A vulnerability classified as problematic has been found in Twitter-Post-Fetcher up to 17.x. This affects an unknown part of the file js/twitterFetcher.js of the component Link Target Handler. The manipulation leads to use of web link to untrusted target with window.opener access. It is possible to initiate the attack remotely. Upgrading to version 18.0.0 is able to address this issue. The name of the patch is 7d281c6fb5acbc29a2cad295262c1f0c19ca56f3. It is recommended to upgrade the affected component. The identifier VDB-217017 was assigned to this vulnerability.
CWE
  • CWE-1022 - Use of Web Link to Untrusted Target with window.opener Access
Assigner
Impacted products
Vendor Product Version
n/a Twitter-Post-Fetcher Affected: 17.x
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T12:26:39.697Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.217017"
          },
          {
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.217017"
          },
          {
            "tags": [
              "issue-tracking",
              "x_transferred"
            ],
            "url": "https://github.com/jasonmayes/Twitter-Post-Fetcher/pull/170"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/jasonmayes/Twitter-Post-Fetcher/commit/7d281c6fb5acbc29a2cad295262c1f0c19ca56f3"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/jasonmayes/Twitter-Post-Fetcher/releases/tag/18.0.0"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "Link Target Handler"
          ],
          "product": "Twitter-Post-Fetcher",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "17.x"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability classified as problematic has been found in Twitter-Post-Fetcher up to 17.x. This affects an unknown part of the file js/twitterFetcher.js of the component Link Target Handler. The manipulation leads to use of web link to untrusted target with window.opener access. It is possible to initiate the attack remotely. Upgrading to version 18.0.0 is able to address this issue. The name of the patch is 7d281c6fb5acbc29a2cad295262c1f0c19ca56f3. It is recommended to upgrade the affected component. The identifier VDB-217017 was assigned to this vulnerability."
        },
        {
          "lang": "de",
          "value": "Es wurde eine Schwachstelle in Twitter-Post-Fetcher bis 17.x entdeckt. Sie wurde als problematisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Datei js/twitterFetcher.js der Komponente Link Target Handler. Durch das Beeinflussen mit unbekannten Daten kann eine use of web link to untrusted target with window.opener access-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Ein Aktualisieren auf die Version 18.0.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 7d281c6fb5acbc29a2cad295262c1f0c19ca56f3 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1022",
              "description": "CWE-1022 Use of Web Link to Untrusted Target with window.opener Access",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-29T07:56:13.976Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.217017"
        },
        {
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.217017"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/jasonmayes/Twitter-Post-Fetcher/pull/170"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/jasonmayes/Twitter-Post-Fetcher/commit/7d281c6fb5acbc29a2cad295262c1f0c19ca56f3"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/jasonmayes/Twitter-Post-Fetcher/releases/tag/18.0.0"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2022-12-29T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2022-12-29T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2022-12-29T09:01:10.000Z",
          "value": "VulDB last update"
        }
      ],
      "title": "Twitter-Post-Fetcher Link Target twitterFetcher.js reverse tabnabbing"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2018-25058",
    "datePublished": "2022-12-29T07:56:13.976Z",
    "dateReserved": "2022-12-29T07:54:07.873Z",
    "dateUpdated": "2024-08-05T12:26:39.697Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GHSA-588M-9QG5-35PQ

Vulnerability from github – Published: 2020-09-03 17:19 – Updated: 2021-09-28 22:06
VLAI
Summary
Reverse Tabnabbing in quill
Details

Versions of quill prior to 1.3.7 are vulnerable to Reverse Tabnabbing. The package uses target='_blank' in anchor tags, allowing attackers to access window.opener for the original page when opening links. This is commonly used for phishing attacks.

Recommendation

No fix is currently available. Consider using an alternative package until a fix is made available.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "quill"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.3.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-1022"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-08-31T18:45:03Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "Versions of `quill` prior to 1.3.7 are vulnerable to [Reverse Tabnabbing](https://www.owasp.org/index.php/Reverse_Tabnabbing). The package uses `target=\u0027_blank\u0027` in anchor tags, allowing attackers to access `window.opener` for the original page when opening links. This is commonly used for phishing attacks.\n\n\n## Recommendation\n\nNo fix is currently available. Consider using an alternative package until a fix is made available.",
  "id": "GHSA-588m-9qg5-35pq",
  "modified": "2021-09-28T22:06:18Z",
  "published": "2020-09-03T17:19:09Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/quilljs/quill/issues/2438"
    },
    {
      "type": "WEB",
      "url": "https://github.com/quilljs/quill/pull/2674"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/quilljs/quill"
    },
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/advisories/1039"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Reverse Tabnabbing in quill"
}

GHSA-74HC-57M5-83CH

Vulnerability from github – Published: 2022-12-22 12:30 – Updated: 2022-12-29 19:23
VLAI
Summary
text_helpers uses web link to untrusted target with window.opener access
Details

A vulnerability was found in ahorner text-helpers 1.1.0/1.1.1. This vulnerability affects unknown code of the file lib/text_helpers/translation.rb. The manipulation of the argument link leads to use of web link to untrusted target with window.opener access. The attack can be initiated remotely. Upgrading to version 1.2.0 can address this issue. The name of the patch is 184b60ded0e43c985788582aca2d1e746f9405a3. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216520.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "text_helpers"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.1.0"
            },
            {
              "fixed": "1.2.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-36624"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1022",
      "CWE-266"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-12-22T20:03:04Z",
    "nvd_published_at": "2022-12-22T10:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in ahorner text-helpers 1.1.0/1.1.1. This vulnerability affects unknown code of the file lib/text_helpers/translation.rb. The manipulation of the argument link leads to use of web link to untrusted target with window.opener access. The attack can be initiated remotely. Upgrading to version 1.2.0 can address this issue. The name of the patch is 184b60ded0e43c985788582aca2d1e746f9405a3. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216520.",
  "id": "GHSA-74hc-57m5-83ch",
  "modified": "2022-12-29T19:23:01Z",
  "published": "2022-12-22T12:30:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36624"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ahorner/text-helpers/pull/19"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ahorner/text-helpers/commit/184b60ded0e43c985788582aca2d1e746f9405a3"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/ahorner/text-helpers"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ahorner/text-helpers/releases/tag/v1.1.0"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ahorner/text-helpers/releases/tag/v1.2.0"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/text_helpers/CVE-2020-36624.yml"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.216520"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "text_helpers uses web link to untrusted target with window.opener access"
}

GHSA-8QCF-755R-4VHW

Vulnerability from github – Published: 2024-12-25 15:30 – Updated: 2025-01-10 21:31
VLAI
Details

IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 uses a web link with untrusted references to an external site. A remote attacker could exploit this vulnerability to expose sensitive information or perform unauthorized actions on the victims’ web browser.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-39727"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1022"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-25T14:15:22Z",
    "severity": "MODERATE"
  },
  "details": "IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3\u00a0uses a web link with untrusted references to an external site. A remote attacker could exploit this vulnerability to expose sensitive information or perform unauthorized actions on the victims\u2019 web browser.",
  "id": "GHSA-8qcf-755r-4vhw",
  "modified": "2025-01-10T21:31:26Z",
  "published": "2024-12-25T15:30:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39727"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7176783"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9J82-QGPC-G3MQ

Vulnerability from github – Published: 2022-08-23 00:00 – Updated: 2022-08-24 00:00
VLAI
Details

The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not set rel="noopener noreferer" on generated links, which can lead to Tab Nabbing by giving the target site access to the source tab through the window.opener DOM object.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-2600"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1022"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-08-22T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not set rel=\"noopener noreferer\" on generated links, which can lead to Tab Nabbing by giving the target site access to the source tab through the window.opener DOM object.",
  "id": "GHSA-9j82-qgpc-g3mq",
  "modified": "2022-08-24T00:00:29Z",
  "published": "2022-08-23T00:00:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2600"
    },
    {
      "type": "WEB",
      "url": "https://wpscan.com/vulnerability/01bbdefd-bdc3-43ef-9f35-6e7ebe786be2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FH98-FX6F-2PF6

Vulnerability from github – Published: 2022-05-31 00:00 – Updated: 2022-06-10 00:00
VLAI
Details

The External Links in New Window / New Tab WordPress plugin before 1.43 does not ensure window.opener is set to "null" when links to external sites are clicked, which may enable tabnabbing attacks to occur.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-1583"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1022"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-05-30T09:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The External Links in New Window / New Tab WordPress plugin before 1.43 does not ensure window.opener is set to \"null\" when links to external sites are clicked, which may enable tabnabbing attacks to occur.",
  "id": "GHSA-fh98-fx6f-2pf6",
  "modified": "2022-06-10T00:00:53Z",
  "published": "2022-05-31T00:00:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1583"
    },
    {
      "type": "WEB",
      "url": "https://wpscan.com/vulnerability/aa9d727c-4d17-4220-b8cb-e6dec30361a9"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H6MQ-3CJ6-H738

Vulnerability from github – Published: 2020-09-03 23:21 – Updated: 2021-10-01 16:12
VLAI
Summary
Reverse Tabnabbing in showdown
Details

Versions of showdown prior to 1.9.1 are vulnerable to Reverse Tabnabbing. The package uses target='_blank' in anchor tags, allowing attackers to access window.opener for the original page when opening links. This is commonly used for phishing attacks.

Recommendation

Upgrade to version 1.9.1 or later.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "showdown"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.9.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-1022"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-08-31T18:54:24Z",
    "nvd_published_at": null,
    "severity": "LOW"
  },
  "details": "Versions of `showdown` prior to 1.9.1 are vulnerable to [Reverse Tabnabbing](https://www.owasp.org/index.php/Reverse_Tabnabbing). The package uses `target=\u0027_blank\u0027` in anchor tags, allowing attackers to access `window.opener` for the original page when opening links. This is commonly used for phishing attacks.\n\n\n## Recommendation\n\nUpgrade to version 1.9.1 or later.",
  "id": "GHSA-h6mq-3cj6-h738",
  "modified": "2021-10-01T16:12:36Z",
  "published": "2020-09-03T23:21:16Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/showdownjs/showdown/pull/670"
    },
    {
      "type": "WEB",
      "url": "https://github.com/showdownjs/showdown/commit/1cd281f0643ef613dc1d36847d4c6cbb22501d91"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/showdownjs/showdown"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/SNYK-JS-SHOWDOWN-469487"
    },
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/advisories/1302"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Reverse Tabnabbing in showdown"
}

GHSA-J9JV-927J-JJRM

Vulnerability from github – Published: 2023-03-05 21:30 – Updated: 2023-03-13 18:30
VLAI
Details

A vulnerability was found in ualbertalib NEOSDiscovery 1.0.70 and classified as problematic. This issue affects some unknown processing of the file app/views/bookmarks/_refworks.html.erb. The manipulation leads to use of web link to untrusted target with window.opener access. The attack may be initiated remotely. Upgrading to version 1.0.71 is able to address this issue. The name of the patch is abe9f57123e0c278ae190cd7402a623d66c51375. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222287.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-4927"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1022",
      "CWE-601"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-05T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in ualbertalib NEOSDiscovery 1.0.70 and classified as problematic. This issue affects some unknown processing of the file app/views/bookmarks/_refworks.html.erb. The manipulation leads to use of web link to untrusted target with window.opener access. The attack may be initiated remotely. Upgrading to version 1.0.71 is able to address this issue. The name of the patch is abe9f57123e0c278ae190cd7402a623d66c51375. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222287.",
  "id": "GHSA-j9jv-927j-jjrm",
  "modified": "2023-03-13T18:30:43Z",
  "published": "2023-03-05T21:30:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4927"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ualbertalib/NEOSDiscovery/pull/547"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ualbertalib/NEOSDiscovery/commit/abe9f57123e0c278ae190cd7402a623d66c51375"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ualbertalib/NEOSDiscovery/releases/tag/1.0.71"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.222287"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.222287"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M688-CX2P-RGQ9

Vulnerability from github – Published: 2022-12-29 09:30 – Updated: 2023-01-09 21:50
VLAI
Summary
Twitter-Post-Fetcher vulnerable to Use of Web Link to Untrusted Target with window.opener Access
Details

A vulnerability classified as problematic has been found in Twitter-Post-Fetcher up to 17.x. This affects an unknown part of the file js/twitterFetcher.js of the component Link Target Handler. The manipulation leads to use of web link to untrusted target with window.opener access. It is possible to initiate the attack remotely. Upgrading to version 18.0.0 can address this issue. The name of the patch is 7d281c6fb5acbc29a2cad295262c1f0c19ca56f3. It is recommended to upgrade the affected component. The identifier VDB-217017 was assigned to this vulnerability.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "twitter-fetcher-js"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "18.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2018-25058"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1022"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-01-09T21:50:29Z",
    "nvd_published_at": "2022-12-29T08:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability classified as problematic has been found in Twitter-Post-Fetcher up to 17.x. This affects an unknown part of the file `js/twitterFetcher.js` of the component Link Target Handler. The manipulation leads to use of web link to untrusted target with window.opener access. It is possible to initiate the attack remotely. Upgrading to version 18.0.0 can address this issue. The name of the patch is 7d281c6fb5acbc29a2cad295262c1f0c19ca56f3. It is recommended to upgrade the affected component. The identifier VDB-217017 was assigned to this vulnerability.",
  "id": "GHSA-m688-cx2p-rgq9",
  "modified": "2023-01-09T21:50:29Z",
  "published": "2022-12-29T09:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-25058"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jasonmayes/Twitter-Post-Fetcher/pull/170"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jasonmayes/Twitter-Post-Fetcher/commit/7d281c6fb5acbc29a2cad295262c1f0c19ca56f3"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jasonmayes/Twitter-Post-Fetcher"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jasonmayes/Twitter-Post-Fetcher/releases/tag/18.0.0"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.217017"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.217017"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Twitter-Post-Fetcher vulnerable to Use of Web Link to Untrusted Target with window.opener Access"
}

Mitigation
Architecture and Design

Specify in the design that any linked external document must not be granted access to the location object of the calling page.

Mitigation
Implementation
  • When creating a link to an external document using the <a> tag with a defined target, for example "_blank" or a named frame, provide the rel attribute with a value "noopener noreferrer".
  • If opening the external document in a new window via javascript, then reset the opener by setting it equal to null.
Mitigation
Implementation

Do not use "_blank" targets. However, this can affect the usability of the application.

No CAPEC attack patterns related to this CWE.