CVE-2022-35953

BookWyrm is a social network for tracking your reading, talking about books, writing reviews, and discovering what to read next. Some links in BookWyrm may be vulnerable to tabnabbing, a form of phishing that gives attackers an opportunity to redirect a user to a malicious site. The issue was...

CVE-2022-35953 URL Redirection to Untrusted Site ('Open Redirect') in bookwyrm

BookWyrm is a social network for tracking your reading, talking about books, writing reviews, and discovering what to read next. Some links in BookWyrm may be vulnerable to tabnabbing, a form of phishing that gives attackers an opportunity to redirect a user to a malicious site. The issue was...

Phabricator: Window.opener fix bypass

Description Due to a recent reporthttps://hackerone.com/reports/306414 a fix was deployed in order to resolve the tabnabbing issue. However by using a line break the fix can be bypassed. Steps to reproduce 1 Browse to your Phabricator instance and create a new document. 2 Now paste in the followi...

Monero: TabNabbing issue (due to taget=_blank)

Hi team, i get to know in this particular url https://getmonero.org/get-started/what-is-monero/ and i found one 3rd party url. Issue lies Here : Here i can see you are using target=blank and no more rel tag. Here , target=blank means it will open in another new tab. but due to tabnabbing it can...