passbolt/passbolt_api is vulnerable to Tapnabbing. The vulnerability is due to a flaw where a user can create and share a resource with a malicious URI that, when opened by the victim using the βOpen URI in a new tabβ function, grants the malicious page access to the window.opener object