7 matches found

Github Security Blog
added 2026/04/17 10:18 p.m., 9 views

OpenClaw: CDP /json/version WebSocket URL could pivot to untrusted second-hop targets

Summary: CDP /json/version WebSocket URL could pivot to untrusted second-hop targets. Affected Packages / Versions: Package: openclaw; Ecosystem: npm; Affected versions: = 2026.4.5. Impact: A browser profile could trust a CDP /json/version response whose webSocketDebuggerUrl pointed at a differen...

CVSS 7.7, AI score 5.7, EPSS 0.00265
Exploits: 0, References: 6, Affected Software: 1
RedhatCVE
added 2025/05/23 12:31 a.m., 7 views

CVE-2022-4927

A vulnerability was found in ualbertalib NEOSDiscovery 1.0.70 and classified as problematic. This issue affects some unknown processing of the file app/views/bookmarks/refworks.html.erb. The manipulation leads to use of web link to untrusted target with window.opener access. The attack may be...

CVSS 6.5, AI score 7, EPSS 0.00485
Exploits: 0, References: 1
NVD
added 2023/08/28 1:15 p.m., 21 views

CVE-2018-25089

A vulnerability was found in glb Meetup Tag Extension 0.1 on MediaWiki. It has been rated as problematic. This issue affects some unknown processing of the component Link Attribute Handler. The manipulation leads to use of web link to untrusted target with window.opener access. Upgrading to versi...

CVSS 5.3, AI score 4.5, EPSS 0.00502
Exploits: 0, References: 4
Prion
added 2023/08/28 1:15 p.m., 20 views

Design/Logic Flaw

A vulnerability was found in glb Meetup Tag Extension 0.1 on MediaWiki. It has been rated as problematic. This issue affects some unknown processing of the component Link Attribute Handler. The manipulation leads to use of web link to untrusted target with window.opener access. Upgrading to versi...

CVSS 5, AI score 5.4, EPSS 0.00502
Exploits: 0, References: 4, Affected Software: 1
Github Security Blog
added 2022/12/22 12:30 p.m., 18 views

text_helpers uses web link to untrusted target with window.opener access

A vulnerability was found in ahorner text-helpers 1.1.0/1.1.1. This vulnerability affects unknown code of the file lib/texthelpers/translation.rb. The manipulation of the argument link leads to use of web link to untrusted target with window.opener access. The attack can be initiated remotely...

CVSS 6.3, AI score 6.4, EPSS 0.00573
Exploits: 0, References: 8, Affected Software: 1
Prion
added 2022/12/22 10:15 a.m., 18 views

Design/Logic Flaw

A vulnerability was found in ahorner text-helpers up to 1.0.x. It has been declared as critical. This vulnerability affects unknown code of the file lib/texthelpers/translation.rb. The manipulation of the argument link leads to use of web link to untrusted target with window.opener access. The...

CVSS 5.8, AI score 6.4, EPSS 0.00573
Exploits: 0, References: 4, Affected Software: 1
Cvelist
added 2022/12/22 12:0 a.m., 23 views

CVE-2020-36624 ahorner text-helpers translation.rb reverse tabnabbing

A vulnerability was found in ahorner text-helpers up to 1.0.x. It has been declared as critical. This vulnerability affects unknown code of the file lib/texthelpers/translation.rb. The manipulation of the argument link leads to use of web link to untrusted target with window.opener access. The...

CVSS 6.3, AI score 6.5, EPSS 0.00573
Exploits: 0, References: 4