CWE-1022 · Use of Web Link to Untrusted Target with window.opener Access
12 CVEs classified under CWE-1022 (Use of Web Link to Untrusted Target with window.opener Access). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2020-36624 | Medium | 6.3 | 2022-12-22 | A vulnerability was found in ahorner text-helpers up to 1.0.x. It has been declared as critical. This vulnerability affects unknown code of the file lib/text_h… |
| CVE-2024-39727 | Medium | 6.1 | 2024-12-25 | IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 uses a web link with untrusted references to an external site. A remote attacker… |
| CVE-2022-4927 | Medium | 5.5 | 2023-03-05 | A vulnerability was found in ualbertalib NEOSDiscovery 1.0.70 and classified as problematic. This issue affects some unknown processing of the file app/views/b… |
| CVE-2025-33014 | Medium | 5.4 | 2025-07-18 | IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.4 uses a web link with untrusted references to an e… |
| CVE-2021-33697 | Medium | 4.7 | 2021-09-15 | Under certain conditions, SAP BusinessObjects Business Intelligence Platform (SAPUI5), versions - 420, 430, can allow an unauthenticated attacker to redirect u… |
| CVE-2018-25058 | Medium | 4.2 | 2022-12-29 | A vulnerability classified as problematic has been found in Twitter-Post-Fetcher up to 17.x. This affects an unknown part of the file js/twitterFetcher.js of t… |
| CVE-2025-42941 | Low | 3.5 | 2025-08-12 | SAP Fiori (Launchpad) is vulnerable to Reverse Tabnabbing vulnerability due to inadequate external navigation protections for its link (`<a>`) elements. An attac… |
| CVE-2018-25089 | Low | 3.5 | 2023-08-28 | A vulnerability was found in glb Meetup Tag Extension 0.1 on MediaWiki. It has been rated as problematic. This issue affects some unknown processing of the com… |
| CVE-2025-59842 | | | 2025-09-26 | jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Prior to version 4.4.8, links g… |
| CVE-2022-2600 | | | 2022-08-22 | The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not set rel="noopener noreferer" on generated links, which can lead to Tab Nabbing by giving the ta… |
| CVE-2022-1583 | | | 2022-05-30 | The External Links in New Window / New Tab WordPress plugin before 1.43 does not ensure window.opener is set to "null" when links to external sites are clicked… |
| CVE-2021-39112 | | | 2021-08-25 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to redirect users to a malicious URL via a reverse tabnapping vulnerability i… |