CVE-2024-39727

CRITICAL Year: 2024
CVSS v3 Score
9.8
Critical
Weakness Type
CWE-1022
View all →

Vulnerability Description

IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 uses a web link with untrusted references to an external site. A remote attacker could exploit this vulnerability to expose sensitive information or perform unauthorized actions on the victims’ web browser.

Related Vulnerabilities

CVE-2022-1583

MEDIUM
CVSS:6.5(Medium)

The External Links in New Window / New Tab WordPress plugin before 1.43 does not ensure window.opener is set to "null" when links to external sites are clicked, which may enable tabnabbing attacks to ...

CWE-10222022

CVE-2018-25058

MEDIUM
CVSS:6.1(Medium)

A vulnerability classified as problematic has been found in Twitter-Post-Fetcher up to 17.x. This affects an unknown part of the file js/twitterFetcher.js of the component Link Target Handler. The man...

CWE-10222018

CVE-2020-36624

MEDIUM
CVSS:6.1(Medium)

A vulnerability was found in ahorner text-helpers up to 1.0.x. It has been declared as critical. This vulnerability affects unknown code of the file lib/text_helpers/translation.rb. The manipulation o...

CWE-10222020

CVE-2022-4927

MEDIUM
CVSS:6.1(Medium)

A vulnerability was found in ualbertalib NEOSDiscovery 1.0.70 and classified as problematic. This issue affects some unknown processing of the file app/views/bookmarks/_refworks.html.erb. The manipula...

CWE-10222022

CVE-2022-2600

MEDIUM
CVSS:5.4(Medium)

The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not set rel="noopener noreferer" on generated links, which can lead to Tab Nabbing by giving the target site access to the source tab throug...

CWE-10222022

CVE-2018-25089

MEDIUM
CVSS:5.3(Medium)

A vulnerability was found in glb Meetup Tag Extension 0.1 on MediaWiki. It has been rated as problematic. This issue affects some unknown processing of the component Link Attribute Handler. The manipu...

CWE-10222018