How severe is CVE-2022-4927?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.1 out of 10.

What type of vulnerability is CVE-2022-4927?

This is classified as CWE-1022, which is a common weakness in software security.

CVE-2022-4927

MEDIUM Year: 2022

CVSS v3 Score

6.1

Medium

CVSS v2 Score

6.5

Medium

Weakness Type

CWE-1022

View all →

Vulnerability Description

A vulnerability was found in ualbertalib NEOSDiscovery 1.0.70 and classified as problematic. This issue affects some unknown processing of the file app/views/bookmarks/_refworks.html.erb. The manipulation leads to use of web link to untrusted target with window.opener access. The attack may be initiated remotely. Upgrading to version 1.0.71 is able to address this issue. The patch is named abe9f57123e0c278ae190cd7402a623d66c51375. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222287.

CVE-2018-25058

MEDIUM

CVSS:6.1(Medium)

A vulnerability classified as problematic has been found in Twitter-Post-Fetcher up to 17.x. This affects an unknown part of the file js/twitterFetcher.js of the component Link Target Handler. The man...

CWE-10222018

CVE-2020-36624

MEDIUM

CVSS:6.1(Medium)

A vulnerability was found in ahorner text-helpers up to 1.0.x. It has been declared as critical. This vulnerability affects unknown code of the file lib/text_helpers/translation.rb. The manipulation o...

CWE-10222020

CVE-2022-1583

MEDIUM

CVSS:6.5(Medium)

The External Links in New Window / New Tab WordPress plugin before 1.43 does not ensure window.opener is set to "null" when links to external sites are clicked, which may enable tabnabbing attacks to ...

CWE-10222022

CVE-2022-2600

MEDIUM

CVSS:5.4(Medium)

The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not set rel="noopener noreferer" on generated links, which can lead to Tab Nabbing by giving the target site access to the source tab throug...

CWE-10222022

CVE-2018-25089

MEDIUM

CVSS:5.3(Medium)

A vulnerability was found in glb Meetup Tag Extension 0.1 on MediaWiki. It has been rated as problematic. This issue affects some unknown processing of the component Link Attribute Handler. The manipu...

CWE-10222018

CVE-2021-39112

MEDIUM

CVSS:4.8(Medium)

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to redirect users to a malicious URL via a reverse tabnapping vulnerability in the Project Shortcuts feature. The affe...

CWE-10222021

CVE-2022-4927

Vulnerability Description

Related Vulnerabilities

CVE-2018-25058

CVE-2020-36624

CVE-2022-1583

CVE-2022-2600

CVE-2018-25089

CVE-2021-39112