What is CVE-2018-25089?

CVE-2018-25089 is a low-severity vulnerability in Glb Meetup Tag Extension, classified under Use of Web Link to Untrusted Target with window.opener Access. CVSS score: 3.5/10. Published 2023-08-28.

How severe is CVE-2018-25089?

Low severity. CVSS v3 base score is 3.5 out of 10.

Is CVE-2018-25089 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Glb Meetup Tag Extension

CVE-2018-25089

A vulnerability was found in glb Meetup Tag Extension 0.1 on MediaWiki. It has been rated as problematic. This issue affects some unknown processing of the component Link Attribute Handler. The manipulation leads to use of web link to untr…

EPSS: 0.001 (17.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.5 (Low). Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N.

Affected products

Glb Meetup Tag Extension — versions 0.1

Weakness classification (CWE)

CWE-1022 — Use of Web Link to Untrusted Target with window.opener Access

Public proof-of-concept exploits

fkie-cad/nvd-json-data-feeds

References

vuldb.com/ (vdb-entry, technical-description)
vuldb.com/ (signature, permissions-required)
github.com/glb/mediawiki-tag-extension-meetup/commit/850c726d6bbfe0bf270801fbb9… (patch)
github.com/glb/mediawiki-tag-extension-meetup/releases/tag/v0.2 (patch)

Frequently asked questions

What is CVE-2018-25089?: CVE-2018-25089 is a low-severity vulnerability in Glb Meetup Tag Extension, classified under Use of Web Link to Untrusted Target with window.opener Access. CVSS score: 3.5/10. Published 2023-08-28.
How severe is CVE-2018-25089?: Low severity. CVSS v3 base score is 3.5 out of 10.
Is CVE-2018-25089 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.