11 matches found
The vulnerability of the OpenProject project management platform, related to the lack of measures taken to protect the website structure, allows attackers to carry out phishing attacks.
The vulnerability of the OpenProject project management platform lies in the lack of measures taken to protect the structure of the web page when processing the target=blank value without the rel noopener attribute. Exploiting this vulnerability could allow a malicious actor to carry out phishing...
Reverse Tabnabbing in quill
Versions of quill prior to 1.3.7 are vulnerable to Reverse Tabnabbing. The package uses target='blank' in anchor tags, allowing attackers to access window.opener for the original page when opening links. This is commonly used for phishing attacks. Recommendation: No fix is currently available...
Reverse Tabnabbing
Overview: Versions of showdown prior to 1.9.1 are vulnerable to Reverse Tabnabbing. The package uses target='blank' in anchor tags, allowing attackers to access window.opener for the original page when opening links. This is commonly used for phishing attacks. Recommendation: Upgrade to version 1.9...
Reverse Tabnapping
swagger-ui is vulnerable to reverse tabnabbing. The anchor tags use target='blank', which would allow attackers to access window.opener for the original page to perform phishing attacks...
Reverse Tabnapping
Overview: Versions of swagger-ui prior to 3.18.0 are vulnerable to Reverse Tabnapping. The package uses target='blank' in anchor tags, allowing attackers to access window.opener for the original page. This is commonly used for phishing attacks. Recommendation: Upgrade to version 3.18.0 or later...
CVE-2017-1000149
Mahara 1.10 before 1.10.9 and 15.04 before 15.04.6 and 15.10 before 15.10.2 are vulnerable to XSS due to window.opener target="blank" and window.open...
Monero: TabNabbing issue (due to target=_blank)
Hi team, I got to know of this particular URL https://getmonero.org/get-started/what-is-monero/ and I found one 3rd party URL. Issue lies here: Here I can see you are using target=blank and no more rel tag. Here, target=blank means it will open in another new tab, but due to tabnabbing it can...
Six interesting vulnerabilities from Flexport's year on HackerOne
A year ago, the Internet freight forwarding company Flexport established a partnership with the HackerOne platform in order to improve the security of its customer data. HackerOne, as one of the world's well-known bug bounty platforms, allows all security enthusiasts and professional penetrati...
GitLab: Gitlab.com is vulnerable to reverse tabnabbing.
Dear GitLab bug bounty team, Summary --- Gitlab.com is vulnerable to reverse tabnabbing, since you use target="blank" on links in the Environments section. F166659 Why does this vulnerability exist? --- The following link is vulnerable to reverse tabnabbing, because it uses target="blank": This...
Open-Xchange: Tab nabbing via window.opener
Details: When you open a link in a new tab target="blank", the page that opens in a new tab can access the initial tab and change its location using the window.opener property. POC: Edit your contact details, with the website URL of http://davenport.net.nz/test.html, which has the following htm...
Nextcloud: URI scheme bypass in mail app lead to HTML content spoof and opener control
Bug: When we load an HTML mail from the mailbox via api, etc http://nextcloud/index.php/apps/mail/accounts//folders/SU5CT1g=/messages//html Our content will be passed to HTML Purifier to strip malicious XSS patterns. After that, a filter will apply to transform acceptable URI schemes http, https, ftp,...