How severe is CVE-2018-25058?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.1 out of 10.

What type of vulnerability is CVE-2018-25058?

This is classified as CWE-1022, which is a common weakness in software security.

CVE-2018-25058

MEDIUM Year: 2018

CVSS v3 Score

6.1

Medium

Weakness Type

CWE-1022

View all →

Vulnerability Description

A vulnerability classified as problematic has been found in Twitter-Post-Fetcher up to 17.x. This affects an unknown part of the file js/twitterFetcher.js of the component Link Target Handler. The manipulation leads to use of web link to untrusted target with window.opener access. It is possible to initiate the attack remotely. Upgrading to version 18.0.0 is able to address this issue. The name of the patch is 7d281c6fb5acbc29a2cad295262c1f0c19ca56f3. It is recommended to upgrade the affected component. The identifier VDB-217017 was assigned to this vulnerability.

CVE-2020-36624

MEDIUM

CVSS:6.1(Medium)

A vulnerability was found in ahorner text-helpers up to 1.0.x. It has been declared as critical. This vulnerability affects unknown code of the file lib/text_helpers/translation.rb. The manipulation o...

CWE-10222020

CVE-2022-4927

MEDIUM

CVSS:6.1(Medium)

A vulnerability was found in ualbertalib NEOSDiscovery 1.0.70 and classified as problematic. This issue affects some unknown processing of the file app/views/bookmarks/_refworks.html.erb. The manipula...

CWE-10222022

CVE-2022-1583

MEDIUM

CVSS:6.5(Medium)

The External Links in New Window / New Tab WordPress plugin before 1.43 does not ensure window.opener is set to "null" when links to external sites are clicked, which may enable tabnabbing attacks to ...

CWE-10222022

CVE-2022-2600

MEDIUM

CVSS:5.4(Medium)

The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not set rel="noopener noreferer" on generated links, which can lead to Tab Nabbing by giving the target site access to the source tab throug...

CWE-10222022

CVE-2018-25089

MEDIUM

CVSS:5.3(Medium)

A vulnerability was found in glb Meetup Tag Extension 0.1 on MediaWiki. It has been rated as problematic. This issue affects some unknown processing of the component Link Attribute Handler. The manipu...

CWE-10222018

CVE-2021-39112

MEDIUM

CVSS:4.8(Medium)

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to redirect users to a malicious URL via a reverse tabnapping vulnerability in the Project Shortcuts feature. The affe...

CWE-10222021

CVE-2018-25058

Vulnerability Description

Related Vulnerabilities

CVE-2020-36624

CVE-2022-4927

CVE-2022-1583

CVE-2022-2600

CVE-2018-25089

CVE-2021-39112