Security Bulletin: IBM Engineering Lifecycle Optimization - Engineering Insights uses a web link with untrusted references to an external site.
Summary: IBM Engineering Lifecycle Optimization - Engineering Insights uses a web link with untrusted references to an external site. A remote attacker could exploit this vulnerability to expose sensitive information or perform unauthorized actions in the victim's web browser. The web application...
CVE-2018-25089
A vulnerability was found in glb Meetup Tag Extension 0.1 on MediaWiki. It has been rated as problematic. This issue affects some unknown processing of the component Link Attribute Handler. The manipulation leads to use of web link to untrusted target with window.opener access. Upgrading to versi...
Design/Logic Flaw
A vulnerability was found in glb Meetup Tag Extension 0.1 on MediaWiki. It has been rated as problematic. This issue affects some unknown processing of the component Link Attribute Handler. The manipulation leads to use of web link to untrusted target with window.opener access. Upgrading to versi...
CVE-2018-25089 glb Meetup Tag Extension Link Attribute reverse tabnabbing
A vulnerability was found in glb Meetup Tag Extension 0.1 on MediaWiki. It has been rated as problematic. This issue affects some unknown processing of the component Link Attribute Handler. The manipulation leads to use of web link to untrusted target with window.opener access. Upgrading to versi...
CVE-2018-25089
CVE-2018-25089 affects glb Meetup Tag Extension for MediaWiki (version 0.1). Root cause involves the Link Attribute Handler allowing manipulation leading to a web link being opened in a context with window.opener access (classic reverse tabnabbing risk). Upgrading to version 0.2 mitigates the iss...
CVE-2022-4927
A vulnerability was found in ualbertalib NEOSDiscovery 1.0.70 and classified as problematic. This issue affects some unknown processing of the file app/views/bookmarks/refworks.html.erb. The manipulation leads to use of web link to untrusted target with window.opener access. The attack may be...
Design/Logic Flaw
A vulnerability was found in ualbertalib NEOSDiscovery 1.0.70 and classified as problematic. This issue affects some unknown processing of the file app/views/bookmarks/refworks.html.erb. The manipulation leads to use of web link to untrusted target with window.opener access. The attack may be...
CVE-2022-4927
The CVE-2022-4927 entry concerns ualbertalib NEOSDiscovery prior to 1.0.71. The vulnerability affects the file path app/views/bookmarks/_refworks.html.erb and enables manipulation that leads to navigation to a web link targeting an untrusted destination with window.opener access (reverse-tabnabbi...
Twitter-Post-Fetcher vulnerable to Use of Web Link to Untrusted Target with window.opener Access
A vulnerability classified as problematic has been found in Twitter-Post-Fetcher up to 17.x. This affects an unknown part of the file js/twitterFetcher.js of the component Link Target Handler. The manipulation leads to use of web link to untrusted target with window.opener access. It is possible ...
GHSA-M688-CX2P-RGQ9 Twitter-Post-Fetcher vulnerable to Use of Web Link to Untrusted Target with window.opener Access
A vulnerability classified as problematic has been found in Twitter-Post-Fetcher up to 17.x. This affects an unknown part of the file js/twitterFetcher.js of the component Link Target Handler. The manipulation leads to use of web link to untrusted target with window.opener access. It is possible ...
CVE-2018-25058
A vulnerability classified as problematic has been found in Twitter-Post-Fetcher up to 17.x. This affects an unknown part of the file js/twitterFetcher.js of the component Link Target Handler. The manipulation leads to use of web link to untrusted target with window.opener access. It is possible ...
CVE-2018-25058
The CVE-2018-25058 issue affects Twitter-Post-Fetcher up to version 17.x, specifically the js/twitterFetcher.js component of the Link Target Handler. The vulnerability enables a web link to an untrusted target via window.opener access and can be triggered remotely. A fix is available in version 1...
Reverse Tabnabbing
texthelpers is vulnerable to reverse tabnabbing. The vulnerability exists in multiple functions in translation.rb due to the lack of a proper regular expression, which allows an attacker to use web links to untrusted targets with window.opener access...
text_helpers uses web link to untrusted target with window.opener access
A vulnerability was found in ahorner text-helpers 1.1.0/1.1.1. This vulnerability affects unknown code of the file lib/texthelpers/translation.rb. The manipulation of the argument link leads to use of web link to untrusted target with window.opener access. The attack can be initiated remotely...
GHSA-74HC-57M5-83CH text_helpers uses web link to untrusted target with window.opener access
A vulnerability was found in ahorner text-helpers 1.1.0/1.1.1. This vulnerability affects unknown code of the file lib/texthelpers/translation.rb. The manipulation of the argument link leads to use of web link to untrusted target with window.opener access. The attack can be initiated remotely...
CVE-2020-36624
A vulnerability was found in ahorner text-helpers up to 1.0.x. It has been declared as critical. This vulnerability affects unknown code of the file lib/texthelpers/translation.rb. The manipulation of the argument link leads to use of web link to untrusted target with window.opener access. The...
Design/Logic Flaw
A vulnerability was found in ahorner text-helpers up to 1.0.x. It has been declared as critical. This vulnerability affects unknown code of the file lib/texthelpers/translation.rb. The manipulation of the argument link leads to use of web link to untrusted target with window.opener access. The...
CVE-2020-36624 ahorner text-helpers translation.rb reverse tabnabbing
A vulnerability was found in ahorner text-helpers up to 1.0.x. It has been declared as critical. This vulnerability affects unknown code of the file lib/texthelpers/translation.rb. The manipulation of the argument link leads to use of web link to untrusted target with window.opener access. The...