7 matches found
OpenClaw: CDP /json/version WebSocket URL could pivot to untrusted second-hop targets
Summary: CDP /json/version WebSocket URL could pivot to untrusted second-hop targets. Affected Packages / Versions: Package: openclaw; Ecosystem: npm; Affected versions: = 2026.4.5. Impact: A browser profile could trust a CDP /json/version response whose webSocketDebuggerUrl pointed at a differen...
CVE-2022-4927
A vulnerability was found in ualbertalib NEOSDiscovery 1.0.70 and classified as problematic. This issue affects some unknown processing of the file app/views/bookmarks/refworks.html.erb. The manipulation leads to use of web link to untrusted target with window.opener access. The attack may be...
CVE-2018-25089
A vulnerability was found in glb Meetup Tag Extension 0.1 on MediaWiki. It has been rated as problematic. This issue affects some unknown processing of the component Link Attribute Handler. The manipulation leads to use of web link to untrusted target with window.opener access. Upgrading to versi...
Design/Logic Flaw
A vulnerability was found in glb Meetup Tag Extension 0.1 on MediaWiki. It has been rated as problematic. This issue affects some unknown processing of the component Link Attribute Handler. The manipulation leads to use of web link to untrusted target with window.opener access. Upgrading to versi...
text_helpers uses web link to untrusted target with window.opener access
A vulnerability was found in ahorner text-helpers 1.1.0/1.1.1. This vulnerability affects unknown code of the file lib/texthelpers/translation.rb. The manipulation of the argument link leads to use of web link to untrusted target with window.opener access. The attack can be initiated remotely...
Design/Logic Flaw
A vulnerability was found in ahorner text-helpers up to 1.0.x. It has been declared as critical. This vulnerability affects unknown code of the file lib/texthelpers/translation.rb. The manipulation of the argument link leads to use of web link to untrusted target with window.opener access. The...
CVE-2020-36624 ahorner text-helpers translation.rb reverse tabnabbing
A vulnerability was found in ahorner text-helpers up to 1.0.x. It has been declared as critical. This vulnerability affects unknown code of the file lib/texthelpers/translation.rb. The manipulation of the argument link leads to use of web link to untrusted target with window.opener access. The...