12 matches found
EUVD-2018-2749
Malware in sbrugna...
EUVD-2020-26429
Malware in sbrugna...
GHSA-XCXH-6CV4-Q8P8 HFS user adding a "web link" in HFS is vulnerable to "target=_blank" exploit
Summary When adding a "web link" to the HFS virtual filesystem, the frontend opens it with target="blank" but without the rel="noopener noreferrer" attribute. This allows the opened page to use the window.opener property to change the location of the original HFS tab. Details While most modern...
CVE-2025-25300 smartbanner.js rel noopener XSS vulnerability
smartbanner.js is a customizable smart app banner for iOS and Android. Prior to version 1.14.1, clicking on smartbanner View link and navigating to 3rd party page leaves window.opener exposed. It may allow hostile third parties to abuse window.opener, e.g. by redirection or injection on the...
DOMPurify Open Redirect vulnerability
DOMPurify before 1.0.11 allows reverse tabnabbing in demos/hooks-target-blank-demo.html because links lack a 'rel="noopener noreferrer"' attribute...
CVE-2022-2600
The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not set rel="noopener noreferer" on generated links, which can lead to Tab Nabbing by giving the target site access to the source tab through the window.opener DOM object...
CVE-2021-35240
A security researcher stored XSS via a Help Server setting. This affects customers using Internet Explorer, because they do not support 'rel=noopener'...
Cross site scripting
A security researcher stored XSS via a Help Server setting. This affects customers using Internet Explorer, because they do not support 'rel=noopener'...
Solarwinds Orion Platform 跨站脚本漏洞
Solarwinds Orion Platform is a network fault and network performance management platform from Solarwinds, Inc. The platform provides real-time monitoring and analysis of network devices, and supports custom web interfaces, multiple user opinions, and map-based browsing of the entire network, etc....
GHSA-9MRQ-CJGH-32G2 smartbanner.js rel noopener vulnerability
rel noopener vulnerability Impact Clicking on smartbanner View link and navigating to 3rd party page leaves window.opener exposed. It may allow hostile 3rd parties to abuse window.opener, e.g. by redirection or injection on the original page with smartbanner. Patches rel="noopener" is automatical...
smartbanner.js rel noopener vulnerability
rel noopener vulnerability Impact Clicking on smartbanner View link and navigating to 3rd party page leaves window.opener exposed. It may allow hostile 3rd parties to abuse window.opener, e.g. by redirection or injection on the original page with smartbanner. Patches rel="noopener" is automatical...
HackerOne: External links should use rel="noopener" or use the redirect service
This is a rather low severity one and a successful exploitation relies on unlikely user interaction as well as the ability to control the HTML output of an remote host. Furthermore it is a kinda new hardening features in some browsers. Though one can work around this using "noreferrer" which is...