Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Twitter-Post-Fetcher Link Target twitterFetcher.js reverse tabnabbing
Vulnerability Description
A vulnerability classified as problematic has been found in Twitter-Post-Fetcher up to 17.x. This affects an unknown part of the file js/twitterFetcher.js of the component Link Target Handler. The manipulation leads to use of web link to untrusted target with window.opener access. It is possible to initiate the attack remotely. Upgrading to version 18.0.0 is able to address this issue. The name of the patch is 7d281c6fb5acbc29a2cad295262c1f0c19ca56f3. It is recommended to upgrade the affected component. The identifier VDB-217017 was assigned to this vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L
Vulnerability Type
使用windows.opener访问指向不可信目标的web链接
Vulnerability Title
Twitter-Post-Fetcher 安全漏洞
Vulnerability Description
Twitter-Post-Fetcher是Jason Mayes个人开发者的一个库。用于在不使用新的 twitter 1.1 API 的情况下获取您的 twitter 帖子。 Twitter-Post-Fetcher 17.x之前版本存在安全漏洞。攻击者利用该漏洞导致受害者使用不受信任目标的web链接。
CVSS Information
N/A
Vulnerability Type
N/A