
67 matches found

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2017-1434

Malware in sbrugna...

CVSS 5.4 | AI score 5.5 | EPSS 0.00191
Exploits: 1 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2017-1362

Malware in sbrugna...

CVSS 6.1 | AI score 6.1 | EPSS 0.0021
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-34847

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 5.8 | EPSS 0.00198
Exploits: 1 | References: 1

Veracode
added 2025/02/24 6:41 a.m. | 4 views

Script Injection

smartbanner.js is vulnerable to Script Injection. The vulnerability is due to window.opener being accessible to third-party pages when users click the View link, allowing attackers to manipulate the original page via redirection or script injection...

CVSS 5.3 | AI score 6.6 | EPSS 0.00125
Exploits: 0 | References: 4 | Affected Software: 1

RedhatCVE
added 2025/02/20 6:20 p.m. | 3 views

CVE-2025-25300

smartbanner.js is a customizable smart app banner for iOS and Android. Prior to version 1.14.1, clicking on smartbanner View link and navigating to 3rd party page leaves window.opener exposed. It may allow hostile third parties to abuse window.opener, e.g. by redirection or injection on the...

CVSS 5.3 | AI score 6.8 | EPSS 0.00125
Exploits: 0 | References: 1

NVD
added 2025/02/18 6:15 p.m. | 8 views

CVE-2025-25300

smartbanner.js is a customizable smart app banner for iOS and Android. Prior to version 1.14.1, clicking on smartbanner View link and navigating to 3rd party page leaves window.opener exposed. It may allow hostile third parties to abuse window.opener, e.g. by redirection or injection on the...

CVSS 5.3 | EPSS 0.00125
Exploits: 0 | References: 2

Cvelist
added 2025/02/18 5:38 p.m. | 9 views

CVE-2025-25300 smartbanner.js rel noopener XSS vulnerability

smartbanner.js is a customizable smart app banner for iOS and Android. Prior to version 1.14.1, clicking on smartbanner View link and navigating to 3rd party page leaves window.opener exposed. It may allow hostile third parties to abuse window.opener, e.g. by redirection or injection on the...

CVSS 5.3 | EPSS 0.00125
Exploits: 0 | References: 2

Vulnrichment
added 2025/02/18 5:38 p.m. | 8 views

CVE-2025-25300 smartbanner.js rel noopener XSS vulnerability

smartbanner.js is a customizable smart app banner for iOS and Android. Prior to version 1.14.1, clicking on smartbanner View link and navigating to 3rd party page leaves window.opener exposed. It may allow hostile third parties to abuse window.opener, e.g. by redirection or injection on the...

CVSS 5.3 | AI score 7 | EPSS 0.00125
Exploits: 0 | References: 2

CNNVD
added 2025/02/18 12:0 a.m. | 1 views

smartbanner.js input validation error vulnerability

smartbanner.js is a customizable smart app banner for iOS and Android by Ain Tohvri Personal Developer. An input validation error vulnerability exists in smartbanner.js versions prior to 1.14.1 that stems from not properly handling the window.opener property. An attacker can exploit this...

CVSS 5.3 | AI score 5.7 | EPSS 0.00125
Exploits: 0 | References: 3

IBM Security Bulletins
added 2024/12/24 5:52 p.m. | 18 views

Security Bulletin: IBM Engineering Lifecycle Optimization - Engineering Insights uses a web link with untrusted references to an external site.

Summary: IBM Engineering Lifecycle Optimization - Engineering Insights uses a web link with untrusted references to an external site. A remote attacker could exploit this vulnerability to expose sensitive information or perform unauthorized actions on the victims' web browser. The web application...

CVSS 9.8 | AI score 6.3 | EPSS 0.00208
Exploits: 0 | Affected Software: 1

Veracode
added 2024/05/23 12:11 p.m. | 9 views

Tabnabbing

passbolt/passboltapi is vulnerable to Tabnabbing. The vulnerability is due to a flaw where a user can create and share a resource with a malicious URI that, when opened by the victim using the "Open URI in a new tab" function, grants the malicious page access to the window.opener object...

AI score 6.9
Exploits: 0

Github Security Blog
added 2024/05/20 5:9 p.m. | 13 views

Passbolt Api Tabnabbing when opening URI with menu "Open URI in a new tab"

Description: A user could create and share a resource with a malicious URI. When the victim opens with menu “Open URI in a new tab” function, the malicious page has access to the window.opener object. Impact of issue: The newly opened malicious page can for example change the window.opener.location...

AI score 7.2
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2023/08/28 1:15 p.m. | 7 views

CVE-2018-25089

A vulnerability was found in glb Meetup Tag Extension 0.1 on MediaWiki. It has been rated as problematic. This issue affects some unknown processing of the component Link Attribute Handler. The manipulation leads to use of web link to untrusted target with window.opener access. Upgrading to versi...

CVSS 5.3 | AI score 7.2
Exploits: 0 | References: 4

Prion
added 2023/08/28 1:15 p.m. | 13 views

Design/Logic Flaw

A vulnerability was found in glb Meetup Tag Extension 0.1 on MediaWiki. It has been rated as problematic. This issue affects some unknown processing of the component Link Attribute Handler. The manipulation leads to use of web link to untrusted target with window.opener access. Upgrading to versi...

CVSS 5 | AI score 5.4 | EPSS 0.00055
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2023/08/28 12:31 p.m. | 11 views

CVE-2018-25089 glb Meetup Tag Extension Link Attribute reverse tabnabbing

A vulnerability was found in glb Meetup Tag Extension 0.1 on MediaWiki. It has been rated as problematic. This issue affects some unknown processing of the component Link Attribute Handler. The manipulation leads to use of web link to untrusted target with window.opener access. Upgrading to versi...

CVSS 3.5 | AI score 5.4 | EPSS 0.00055
Exploits: 0 | References: 4

CVE
added 2023/08/28 12:31 p.m. | 33 views

CVE-2018-25089

CVE-2018-25089 affects glb Meetup Tag Extension for MediaWiki (version 0.1). Root cause involves the Link Attribute Handler allowing manipulation leading to a web link being opened in a context with window.opener access (classic reverse tabnabbing risk). Upgrading to version 0.2 mitigates the iss...

CVSS 5.3 | AI score 4.7 | EPSS 0.00055
Exploits: 0 | References: 4 | Affected Software: 1

Vulnrichment
added 2023/08/28 12:31 p.m. | 10 views

CVE-2018-25089 glb Meetup Tag Extension Link Attribute reverse tabnabbing

A vulnerability was found in glb Meetup Tag Extension 0.1 on MediaWiki. It has been rated as problematic. This issue affects some unknown processing of the component Link Attribute Handler. The manipulation leads to use of web link to untrusted target with window.opener access. Upgrading to versi...

CVSS 3.5 | AI score 6.9 | EPSS 0.00055
Exploits: 0 | References: 4

OSV
added 2023/03/05 8:15 p.m. | 11 views

CVE-2022-4927

A vulnerability was found in ualbertalib NEOSDiscovery 1.0.70 and classified as problematic. This issue affects some unknown processing of the file app/views/bookmarks/refworks.html.erb. The manipulation leads to use of web link to untrusted target with window.opener access. The attack may be...

CVSS 6.1 | AI score 6.6
Exploits: 0 | References: 5

Prion
added 2023/03/05 8:15 p.m. | 10 views

Design/Logic Flaw

A vulnerability was found in ualbertalib NEOSDiscovery 1.0.70 and classified as problematic. This issue affects some unknown processing of the file app/views/bookmarks/refworks.html.erb. The manipulation leads to use of web link to untrusted target with window.opener access. The attack may be...

CVSS 5.8 | AI score 6.4 | EPSS 0.00272
Exploits: 0 | References: 5 | Affected Software: 1

CVE
added 2023/03/05 8:0 p.m. | 49 views

CVE-2022-4927

The CVE-2022-4927 entry concerns ualbertalib NEOSDiscovery prior to 1.0.71. The vulnerability affects the file path app/views/bookmarks/_refworks.html.erb and enables manipulation that leads to navigation to a web link targeting an untrusted destination with window.opener access (reverse-tabnabbi...

CVSS 6.5 | AI score 6 | EPSS 0.00272
Exploits: 0 | References: 5 | Affected Software: 1