2 matches found
CVE-2025-25300 smartbanner.js rel noopener XSS vulnerability
smartbanner.js is a customizable smart app banner for iOS and Android. Prior to version 1.14.1, clicking on smartbanner View link and navigating to 3rd party page leaves window.opener exposed. It may allow hostile third parties to abuse window.opener, e.g. by redirection or injection on the...
Resque vulnerable to reflected XSS in resque-web failed and queues lists
Impact The following paths in resque-web have been found to be vulnerable to reflected XSS: /failed/?class=alertdocument.cookie /queues/ Patches v2.2.1 Workarounds No known workarounds at this time. It is recommended to not click on 3rd party or untrusted links to the resque-web interface until y...