Lucene search

VulDBCVELIST:CVE-2018-25058

HistoryDec 29, 2022 - 7:56 a.m.

CVE-2018-25058 Twitter-Post-Fetcher Link Target twitterFetcher.js reverse tabnabbing

2022-12-2907:56:13

CWE-1022

VulDB

www.cve.org

twitter-post-fetcher

remote attack

tabnabbing

CVSS3

4.2

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L

EPSS

0.001

Percentile

48.3%

JSON

A vulnerability classified as problematic has been found in Twitter-Post-Fetcher up to 17.x. This affects an unknown part of the file js/twitterFetcher.js of the component Link Target Handler. The manipulation leads to use of web link to untrusted target with window.opener access. It is possible to initiate the attack remotely. Upgrading to version 18.0.0 is able to address this issue. The name of the patch is 7d281c6fb5acbc29a2cad295262c1f0c19ca56f3. It is recommended to upgrade the affected component. The identifier VDB-217017 was assigned to this vulnerability.

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Twitter-Post-Fetcher",
    "versions": [
      {
        "version": "17.x",
        "status": "affected"
      }
    ],
    "modules": [
      "Link Target Handler"
    ]
  }
]

References

github.com/jasonmayes/Twitter-Post-Fetcher/commit/7d281c6fb5acbc29a2cad295262c1f0c19ca56f3

github.com/jasonmayes/Twitter-Post-Fetcher/pull/170

github.com/jasonmayes/Twitter-Post-Fetcher/releases/tag/18.0.0

vuldb.com/?ctiid.217017

vuldb.com/?id.217017

CVSS3

4.2

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L

EPSS

0.001

Percentile

48.3%

JSON

Related for CVELIST:CVE-2018-25058