12 matches found

Veracode
added 2025/11/11 6:59 a.m., 5 views

Reverse Tabnabbing Attacks

jupyterlab is vulnerable to Reverse Tabnabbing attacks. The vulnerability is due to missing the noopener attribute in links generated by LaTeX typesetters in Markdown cells and files, which allows an attacker to exploit links with target=blank to potentially hijack the originating browser tab...

CVSS: 4.3 | AI score: 6.5 | EPSS: 0.00034
Exploits: 0 | References: 4 | Affected Software: 1

EUVD
added 2025/10/03 8:7 p.m., 0 views

EUVD-2025-29526

Malicious code in bioql PyPI...

AI score: 6.6
Exploits: 0 | References: 3

OSV
added 2025/09/26 2:26 p.m., 1 views

GHSA-VVFJ-2JQX-52JM JupyterLab LaTeX typesetter links did not enforce `noopener` attribute

Links generated with LaTeX typesetters in Markdown files and Markdown cells in JupyterLab and Jupyter Notebook did not include the noopener attribute. This is deemed to have no impact on the default installations. Theoretically users of third-party LaTeX-rendering extensions could find themselves...

CVSS: 2.1 | AI score: 5.9 | EPSS: 0.00034
Exploits: 0 | References: 4

Positive Technologies
added 2025/09/26 12:0 a.m., 4 views

PT-2025-39657

Name of the Vulnerable Software and Affected Versions jupyterlab versions prior to 4.4.8 Description jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Links generated with LaTeX typesetters in Markdown files and Markdow...

CVSS: 9.9 | AI score: 6.3 | EPSS: 0.03919
Exploits: 3 | References: 22

Github Security Blog
added 2025/08/12 12:13 a.m., 8 views

HFS user adding a "web link" in HFS is vulnerable to "target=_blank" exploit

Summary When adding a "web link" to the HFS virtual filesystem, the frontend opens it with target="blank" but without the rel="noopener noreferrer" attribute. This allows the opened page to use the window.opener property to change the location of the original HFS tab. Details While most modern...

AI score: 6.5
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2025/08/12 12:13 a.m., 1 views

GHSA-XCXH-6CV4-Q8P8 HFS user adding a "web link" in HFS is vulnerable to "target=_blank" exploit

Summary When adding a "web link" to the HFS virtual filesystem, the frontend opens it with target="blank" but without the rel="noopener noreferrer" attribute. This allows the opened page to use the window.opener property to change the location of the original HFS tab. Details While most modern...

CVSS: 6.3 | AI score: 6.5
Exploits: 0 | References: 3

OSV
added 2023/11/14 9:30 p.m., 2 views

GHSA-8HGG-XXM5-3873 DOMPurify Open Redirect vulnerability

DOMPurify before 1.0.11 allows reverse tabnabbing in demos/hooks-target-blank-demo.html because links lack a 'rel="noopener noreferrer"' attribute...

CVSS: 6.1 | AI score: 5.9 | EPSS: 0.00242
Exploits: 0 | References: 5

Github Security Blog
added 2023/11/14 9:30 p.m., 19 views

DOMPurify Open Redirect vulnerability

DOMPurify before 1.0.11 allows reverse tabnabbing in demos/hooks-target-blank-demo.html because links lack a 'rel="noopener noreferrer"' attribute...

CVSS: 6.1 | AI score: 7 | EPSS: 0.00242
Exploits: 0 | References: 5 | Affected Software: 1

Huntr
added 2022/08/05 11:57 a.m., 41 views

Tabnabbing via window.opener [bookwyrm.social]

Description: 1. Hello @bookwyrm-social I found a tabnabbing vulnerability. Attack is possible due to target=blank or Tab nabbing via window.opener. VISIT:- https://bookwyrm.social/ SUMMARY: 1. I was browsing the site and found a tabnabbing vulnerability. As per the observation I found that attack...

CVSS: 5.8 | EPSS: 0.00254
Exploits: 1 | References: 1

OSV
added 2020/09/03 11:21 p.m., 1 views

GHSA-H6MQ-3CJ6-H738 Reverse Tabnabbing in showdown

Versions of showdown prior to 1.9.1 are vulnerable to Reverse Tabnabbing. The package uses target='blank' in anchor tags, allowing attackers to access window.opener for the original page when opening links. This is commonly used for phishing attacks. Recommendation Upgrade to version 1.9.1 or lat...

CVSS: 3.1 | AI score: 5.9
Exploits: 0 | References: 5

OSV
added 2020/09/03 5:19 p.m., 2 views

GHSA-588M-9QG5-35PQ Reverse Tabnabbing in quill

Versions of quill prior to 1.3.7 are vulnerable to Reverse Tabnabbing. The package uses target='blank' in anchor tags, allowing attackers to access window.opener for the original page when opening links. This is commonly used for phishing attacks. Recommendation No fix is currently available...

CVSS: 6.5 | AI score: 5.9
Exploits: 0 | References: 4

CNVD
added 2018/05/14 12:0 a.m., 1 views

MyBB Redirection Vulnerability

MyBB aka MyBulletinBoard is a free and web-based forum software developed by MyBB team using PHP and MySQL. The software is characterized by its simplicity, multi-language support and extensibility. A security vulnerability exists in MyBB version 1.8.15, which is caused by the program failing to...

CVSS: 6.1 | AI score: 6.2 | EPSS: 0.00234
Exploits: 0 | References: 1