Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:47150
HistoryMay 23, 2024 - 12:11 p.m.

Tabnabbing

2024-05-2312:11:31
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
1
tabnabbing
passbolt_api
vulnerability
malicious uri
window.opener object

6.9 Medium

AI Score

Confidence

Low

passbolt/passbolt_api is vulnerable to Tapnabbing. The vulnerability is due to a flaw where a user can create and share a resource with a malicious URI that, when opened by the victim using the β€œOpen URI in a new tab” function, grants the malicious page access to the window.opener object

6.9 Medium

AI Score

Confidence

Low