17 matches found
EUVD-2022-34847
Malicious code in bioql PyPI...
CVE-2022-2600
The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not set rel="noopener noreferer" on generated links, which can lead to Tab Nabbing by giving the target site access to the source tab through the window.opener DOM object...
CVE-2022-2600
The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not set rel="noopener noreferer" on generated links, which can lead to Tab Nabbing by giving the target site access to the source tab through the window.opener DOM object...
CVE-2022-2600
The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not set rel="noopener noreferer" on generated links, which can lead to Tab Nabbing by giving the target site access to the source tab through the window.opener DOM object...
CVE-2022-2600
The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not set rel="noopener noreferer" on generated links, which can lead to Tab Nabbing by giving the target site access to the source tab through the window.opener DOM object...
Code injection
The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not set rel="noopener noreferer" on generated links, which can lead to Tab Nabbing by giving the target site access to the source tab through the window.opener DOM object...
CVE-2022-2600 Auto-hyperlink URLs <= 5.4.1 - Tab Nabbing
The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not set rel="noopener noreferer" on generated links, which can lead to Tab Nabbing by giving the target site access to the source tab through the window.opener DOM object...
CVE-2022-2600
The CVE-2022-2600 entry concerns the WordPress plugin Auto-hyperlink URLs (versions through 5.4.1). The underlying issue is that generated links do not include rel="noopener noreferer", enabling Tab Nabbing and potentially exposing the source tab via window.opener. The vulnerability impact, as do...
PT-2022-17629 · WordPress · Auto-Hyperlink Urls
Name of the Vulnerable Software and Affected Versions: Auto-hyperlink URLs WordPress plugin versions through 5.4.1. Description: The issue allows for Tab Nabbing, giving the target site access to the source tab through the window.opener DOM object, because the plugin does not set rel="noopener...
WordPress Auto-hyperlink URLs plugin <= 5.4.1 - Tab Nabbing vulnerability
Tab Nabbing vulnerability discovered by Daniel Ruf in WordPress Auto-hyperlink URLs plugin versions <= 5.4.1. Solution: Deactivate and delete. This plugin has been closed as of July 18, 2022 and is not available for download. This closure is temporary, pending a full review...
HackerOne: Tab nabbing in Hackerone inbox.
Description: Tab nabbing vulnerability occurs when you open a link in a new tab target="blank", the page that opens in a new tab can access the initial tab and change its location using the window.opener property and from this a lot of phishing attacks could happen. This scenario occurs on...
Automattic: Tab nabbing via window.opener.location (target "_blank")
Summary: When you open a link using target="blank", the page that opens in a new tab gets access to the initial tab and can change its location using the window.opener.location function. Platforms Affected: website Steps To Reproduce for the first target blank: 1. First target "blank" 1. On...
Phabricator: Markdown parsing issue enables insertion of malicious tags
mongoose By exploiting the URL markdown an attacker is able to add tags to an anchor-element. This is less impactful since the default CSP policy blocks inline javascript execution, but an attacker could deface individual pages, bypass the rel="norefferrer" tag to perform tab nabbing or perform...
Discourse < 2.3.0.beta10 Multiple Vulnerabilities
Discourse is prone to multiple vulnerabilities including vulnerabilities in 3rdparty components. SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-onl...
Open-Xchange: Another window.opener issue
Vulnerability Details: Appointment titles are rendered as hyperlink but were missing a protection against "tab nabbing". Risk: When following a hyperlink to a malicious website, the original tab location (OX App Suite) could be replaced with a URL chosen by the attacker. This can be exploited to...
Weblate: Tab nabbing via window.opener
Details: When you open a link in a new tab target="blank", the page that opens in a new tab can access the initial tab and change its location using the window.opener property. Attack scenario: here I have provided 2 videos, in video 1 I have my editorial link set. to show that tabnapping is...
Open-Xchange: Tab nabbing via window.opener
Details: When you open a link in a new tab target="blank", the page that opens in a new tab can access the initial tab and change its location using the window.opener property. POC: Edit your contact details, with the website URL of http://davenport.net.nz/test.html, which has the following htm...