Vulnerability title
smartbanner.js rel noopener XSS vulnerability
Vulnerability description
smartbanner.js is a customizable smart app banner for iOS and Android. Prior to version 1.14.1, clicking the smartbanner `View` link and navigating to a third-party page leaves `window.opener` exposed. A hostile third party may abuse `window.opener`, e.g. to redirect or inject content on the original page that contains the smartbanner. As of `v1.14.1`, `rel="noopener"` is automatically populated on the links; upgrading is the recommended way to resolve the vulnerability. Workarounds are available for those who cannot upgrade. Ensure the `View` link only takes users to the App Store or Google Play Store, where security is guarded by the respective app store security teams. If the `View` link goes to a third-party page, limit smartbanner.js to iOS, which narrows the scope of the vulnerability because, as of Safari 12.1, `rel="noopener"` is imposed on all `target="_blank"` links. Version 1.14.1 of smartbanner.js contains a fix for the issue.
CVSS information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability category
URL redirection to an untrusted site (open redirect)
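The mechanism described above, as an added example that is not smartbanner.js's own code: a small audit that flags anchors whose `target="_blank"` would hand the opened page a `window.opener` reference, and the fix-up that adds `rel="noopener"` the way v1.14.1 does automatically. Anchors are modelled as plain attribute maps (what a DOM walker would collect via `getAttribute`), and the sample links are constructed.

```javascript
// Return true when an <a> with these attributes would expose window.opener to
// the page it opens. Only target="_blank" creates a new browsing context, and a
// rel token list containing "noopener" (or "noreferrer", which implies it) is safe.
function leaksOpener(attrs) {
  const target = (attrs.target || '').trim().toLowerCase();
  if (target !== '_blank') return false;
  const tokens = (attrs.rel || '').toLowerCase().split(/\s+/).filter(Boolean);
  return !tokens.includes('noopener') && !tokens.includes('noreferrer');
}

// Return a copy of the attributes with "noopener" added to rel. Existing rel
// tokens (e.g. nofollow) are preserved and the token is not duplicated.
function withNoopener(attrs) {
  const tokens = (attrs.rel || '').split(/\s+/).filter(Boolean);
  if (!tokens.some((t) => t.toLowerCase() === 'noopener')) tokens.push('noopener');
  return { ...attrs, rel: tokens.join(' ') };
}

// Audit helper: list the hrefs of anchors that still need hardening.
function auditAnchors(anchors) {
  return anchors.filter(leaksOpener).map((a) => a.href);
}

// In a real page the same check can be applied to live anchors (assumed usage,
// not part of the library): hardenDocumentLinks(document).
function hardenDocumentLinks(doc) {
  let fixed = 0;
  for (const a of doc.querySelectorAll('a[target="_blank"]')) {
    const attrs = { target: a.getAttribute('target'), rel: a.getAttribute('rel') };
    if (leaksOpener(attrs)) {
      a.setAttribute('rel', withNoopener(attrs).rel);
      fixed += 1;
    }
  }
  return fixed;
}

// Constructed sample: a banner "View" link to a third-party page (vulnerable,
// as before 1.14.1) beside links that are already safe.
const sampleAnchors = [
  { href: 'https://third-party.example/app', target: '_blank', rel: '' },
  { href: 'https://apps.apple.com/app/id000', target: '_blank', rel: 'noopener' },
  { href: 'https://play.google.com/store/apps', target: '_self', rel: '' },
];

console.log('anchors exposing window.opener:', auditAnchors(sampleAnchors));
console.log('hardened first anchor:', withNoopener(sampleAnchors[0]));
```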