Lucene search
K

12 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-2749

Malware in sbrugna...

6.1CVSS6.3AI score0.0103EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-26429

Malware in sbrugna...

6.5CVSS6.6AI score0.01047EPSS
Exploits0References2
OSV
OSV
added 2025/08/12 12:13 a.m.2 views

GHSA-XCXH-6CV4-Q8P8 HFS user adding a "web link" in HFS is vulnerable to "target=_blank" exploit

Summary When adding a "web link" to the HFS virtual filesystem, the frontend opens it with target="blank" but without the rel="noopener noreferrer" attribute. This allows the opened page to use the window.opener property to change the location of the original HFS tab. Details While most modern...

6.3CVSS6.5AI score
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/02/18 5:38 p.m.8 views

CVE-2025-25300 smartbanner.js rel noopener XSS vulnerability

smartbanner.js is a customizable smart app banner for iOS and Android. Prior to version 1.14.1, clicking on smartbanner View link and navigating to 3rd party page leaves window.opener exposed. It may allow hostile third parties to abuse window.opener, e.g. by redirection or injection on the...

5.3CVSS7AI score0.00387EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2023/11/14 9:30 p.m.24 views

DOMPurify Open Redirect vulnerability

DOMPurify before 1.0.11 allows reverse tabnabbing in demos/hooks-target-blank-demo.html because links lack a 'rel="noopener noreferrer"' attribute...

6.1CVSS7AI score0.00508EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/08/22 3:15 p.m.4 views

CVE-2022-2600

The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not set rel="noopener noreferer" on generated links, which can lead to Tab Nabbing by giving the target site access to the source tab through the window.opener DOM object...

5.4CVSS5.6AI score0.00504EPSS
Exploits1References1
NVD
NVD
added 2021/08/31 4:15 p.m.26 views

CVE-2021-35240

A security researcher stored XSS via a Help Server setting. This affects customers using Internet Explorer, because they do not support 'rel=noopener'...

6.5CVSS0.01074EPSS
Exploits0References4
Prion
Prion
added 2021/08/31 4:15 p.m.15 views

Cross site scripting

A security researcher stored XSS via a Help Server setting. This affects customers using Internet Explorer, because they do not support 'rel=noopener'...

3.5CVSS4.7AI score0.01074EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2021/08/31 12:0 a.m.6 views

Solarwinds Orion Platform 跨站脚本漏洞

Solarwinds Orion Platform is a network fault and network performance management platform from Solarwinds, Inc. The platform provides real-time monitoring and analysis of network devices, and supports custom web interfaces, multiple user opinions, and map-based browsing of the entire network, etc....

6.5CVSS5.1AI score0.01074EPSS
Exploits0References4
OSV
OSV
added 2019/09/13 1:22 p.m.8 views

GHSA-9MRQ-CJGH-32G2 smartbanner.js rel noopener vulnerability

rel noopener vulnerability Impact Clicking on smartbanner View link and navigating to 3rd party page leaves window.opener exposed. It may allow hostile 3rd parties to abuse window.opener, e.g. by redirection or injection on the original page with smartbanner. Patches rel="noopener" is automatical...

6.9CVSS6.2AI score0.00387EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2019/09/13 1:22 p.m.26 views

smartbanner.js rel noopener vulnerability

rel noopener vulnerability Impact Clicking on smartbanner View link and navigating to 3rd party page leaves window.opener exposed. It may allow hostile 3rd parties to abuse window.opener, e.g. by redirection or injection on the original page with smartbanner. Patches rel="noopener" is automatical...

5.3CVSS6.6AI score0.00387EPSS
Exploits0References3Affected Software1
Hacker One
Hacker One
added 2016/03/20 10:3 a.m.49 views

HackerOne: External links should use rel="noopener" or use the redirect service

This is a rather low severity one and a successful exploitation relies on unlikely user interaction as well as the ability to control the HTML output of an remote host. Furthermore it is a kinda new hardening features in some browsers. Though one can work around this using "noreferrer" which is...

7AI score
Exploits0
Rows per page
Query Builder