What is CVE-2020-36624?

CVE-2020-36624 is a medium-severity vulnerability in Ahorner Text-helpers, classified under Use of Web Link to Untrusted Target with window.opener Access. CVSS score: 6.3/10. Published 2022-12-22.

How severe is CVE-2020-36624?

Medium severity. CVSS v3 base score is 6.3 out of 10.

Is CVE-2020-36624 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Ahorner Text-helpers

CVE-2020-36624

A vulnerability was found in ahorner text-helpers up to 1.0.x. It has been declared as critical. This vulnerability affects unknown code of the file lib/text_helpers/translation.rb. The manipulation of the argument link leads to use of web…

EPSS: 0.003 (55.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L.

Affected products

Ahorner Text-helpers — versions 1.0

Weakness classification (CWE)

CWE-1022 — Use of Web Link to Untrusted Target with window.opener Access

Public proof-of-concept exploits

Live-Hack-CVE/CVE-2020-36624

References

vuldb.com/ (technical-description, vdb-entry)
github.com/ahorner/text-helpers/pull/19 (related)
github.com/ahorner/text-helpers/commit/184b60ded0e43c985788582aca2d1e746f9405a3 (mitigation, patch)
github.com/ahorner/text-helpers/releases/tag/v1.1.0 (mitigation)

Frequently asked questions

What is CVE-2020-36624?: CVE-2020-36624 is a medium-severity vulnerability in Ahorner Text-helpers, classified under Use of Web Link to Untrusted Target with window.opener Access. CVSS score: 6.3/10. Published 2022-12-22.
How severe is CVE-2020-36624?: Medium severity. CVSS v3 base score is 6.3 out of 10.
Is CVE-2020-36624 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.