Unrated severityNVD Advisory· Published Feb 3, 2020· Updated Aug 4, 2024
CVE-2020-5182
CVE-2020-5182
Description
The J-BusinessDirectory extension before 5.2.9 for Joomla! allows Reverse Tabnabbing. In some configurations, the link to the business website can be entered by any user. If it doesn't contain rel="noopener" (or similar attributes such as noreferrer), the tabnabbing may occur. To reproduce the bug, create a business with a website link that contains JavaScript to exploit the window.opener property (for example, by setting window.opener.location).
Affected products
2- Joomla/J-BusinessDirectorydescription
- Range: <5.2.9
Patches
Vulnerability mechanics
References
1- www.cmsjunkie.com/blog/joomla_business_directory_5-2-9_release/mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.