Skip to main content

CWE-1022

Use of Web Link to Untrusted Target with window.opener Access

7 CVEs Avg CVSS 5.5 MITRE
1
CRITICAL
0
HIGH
4
MEDIUM
2
LOW
2
POC
0
KEV

Monthly

CVE-2025-59842 PyPI LOW PATCH Monitor

jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Jupyterlab
NVD GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-42941 LOW Monitor

SAP Fiori (Launchpad) is vulnerable to Reverse Tabnabbing vulnerability due to inadequate external navigation protections for its link (<a>) elements. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure
NVD
CVSS 3.1
3.5
EPSS
0.0%
CVE-2024-39727 CRITICAL Act Now

IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 uses a web link with untrusted references to an external site. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Engineering Lifecycle Optimization Engineering Insights
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2022-2600 MEDIUM POC This Month

The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not set rel="noopener noreferer" on generated links, which can lead to Tab Nabbing by giving the target site access to the source tab. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Auto Hyperlink Urls
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-1583 MEDIUM POC This Month

The External Links in New Window / New Tab WordPress plugin before 1.43 does not ensure window.opener is set to "null" when links to external sites are clicked, which may enable tabnabbing attacks to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure External Links In New Window New Tab
NVD WPScan
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-33697 MEDIUM PATCH This Month

Under certain conditions, SAP BusinessObjects Business Intelligence Platform (SAPUI5), versions - 420, 430, can allow an unauthenticated attacker to redirect users to a malicious site due to Reverse. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure SAP Businessobjects Business Intelligence
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-39112 MEDIUM PATCH This Month

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to redirect users to a malicious URL via a reverse tabnapping vulnerability in the Project Shortcuts feature. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity.

Atlassian Information Disclosure Data Center Jira Jira Data Center +1
NVD
CVSS 3.1
4.8
EPSS
0.7%
EPSS 0% CVSS 2.1
LOW PATCH Monitor

jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Jupyterlab
NVD GitHub
EPSS 0% CVSS 3.5
LOW Monitor

SAP Fiori (Launchpad) is vulnerable to Reverse Tabnabbing vulnerability due to inadequate external navigation protections for its link (<a>) elements. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 uses a web link with untrusted references to an external site. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Engineering Lifecycle Optimization Engineering Insights
NVD
EPSS 1% CVSS 5.4
MEDIUM POC This Month

The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not set rel="noopener noreferer" on generated links, which can lead to Tab Nabbing by giving the target site access to the source tab. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Auto Hyperlink Urls
NVD WPScan
EPSS 1% CVSS 6.5
MEDIUM POC This Month

The External Links in New Window / New Tab WordPress plugin before 1.43 does not ensure window.opener is set to "null" when links to external sites are clicked, which may enable tabnabbing attacks to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure External Links In New Window New Tab
NVD WPScan
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Under certain conditions, SAP BusinessObjects Business Intelligence Platform (SAPUI5), versions - 420, 430, can allow an unauthenticated attacker to redirect users to a malicious site due to Reverse. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure SAP Businessobjects Business Intelligence
NVD
EPSS 1% CVSS 4.8
MEDIUM PATCH This Month

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to redirect users to a malicious URL via a reverse tabnapping vulnerability in the Project Shortcuts feature. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity.

Atlassian Information Disclosure Data Center +3
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy