CVE-2020-5182

by Fred · 03/02/2020

The J-BusinessDirectory extension before 5.2.9 for Joomla! allows Reverse Tabnabbing. In some configurations, the link to the business website can be entered by any user. If it doesn’t contain rel="noopener" (or similar attributes such as noreferrer), the tabnabbing may occur. To reproduce the bug, create a business with a website link that contains JavaScript to exploit the window.opener property (for example, by setting window.opener.location).

Date published : 2020-02-03

https://www.cmsjunkie.com/blog/joomla_business_directory_5-2-9_release/

CVE-2020-5182

Similar

Recent Posts

Categories

CVE-2020-5182

Share this:

Similar

Recent Posts

Categories

Tags