RSS   Vulnerabilities for 'J-businessdirectory'   RSS

2020-02-03
 
CVE-2020-5182

CWE-522
 

 
The J-BusinessDirectory extension before 5.2.9 for Joomla! allows Reverse Tabnabbing. In some configurations, the link to the business website can be entered by any user. If it doesn't contain rel="noopener" (or similar attributes such as noreferrer), the tabnabbing may occur. To reproduce the bug, create a business with a website link that contains JavaScript to exploit the window.opener property (for example, by setting window.opener.location).

 

 >>> Vendor: Cmsjunkie 2 Products
J-classifiedsmanager
J-businessdirectory


Copyright 2024, cxsecurity.com

 

Back to Top