2 matches found
CVE-2025-25300 smartbanner.js rel noopener XSS vulnerability
smartbanner.js is a customizable smart app banner for iOS and Android. Prior to version 1.14.1, clicking on smartbanner View link and navigating to 3rd party page leaves window.opener exposed. It may allow hostile third parties to abuse window.opener, e.g. by redirection or injection on the...
CVE-2025-25300
CVE-2025-25300 concerns smartbanner.js (pre-1.14.1) where clicking the View link could expose window.opener to a 3rd party page, enabling possible redirection or script manipulation on the original page. The issue is addressed in version 1.14.1 by automatically applying rel="noopener" to links. I...