CVE-2018-25058

Published: Dic 29, 2022 Last Modified: Nov 21, 2024 EU-VD ID: EUVD-2022-7679 Aliases: GHSA-m688-cx2p-rgq9
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 4,2
Source: [email protected]
Attack Vector: network
Attack Complexity: high
Privileges Required: none
User Interaction: required
Scope: unchanged
Confidentiality: none
Integrity: low
Availability: low

Description

AI Translation Available

A vulnerability classified as problematic has been found in Twitter-Post-Fetcher up to 17.x. This affects an unknown part of the file js/twitterFetcher.js of the component Link Target Handler. The manipulation leads to use of web link to untrusted target with window.opener access. It is possible to initiate the attack remotely. Upgrading to version 18.0.0 is able to address this issue. The name of the patch is 7d281c6fb5acbc29a2cad295262c1f0c19ca56f3. It is recommended to upgrade the affected component. The identifier VDB-217017 was assigned to this vulnerability.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0041
Percentile
0,6th
Updated

EPSS Score Trend (Last 90 Days)

1022

Use of Web Link to Untrusted Target with window.opener Access

Incomplete
Abstraction: Variant Structure: Simple
Common Consequences
Security Scopes Affected:
Confidentiality
Potential Impacts:
Alter Execution Logic
Applicable Platforms
Languages: JavaScript, Not Language-Specific
Technologies: Web Based, Web Server
Likelihood of Exploit: Medium
View CWE Details
Application

Twitter-Post-Fetcher by Twitter-Post-Fetcher Project

Product Information
Vendor Twitter-Post-Fetcher Project
Product Twitter-Post-Fetcher
Version Range Affected
To 18.0.0 (exclusive)
cpe:2.3:a:twitter-post-fetcher_project:twitter-post-fetcher:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://github.com/jasonmayes/Twitter-Post-Fetcher/commit/7…
Patch Third Party Advisory
https://github.com/jasonmayes/Twitter-Post-Fetcher/commit/7d281c6fb5acbc29a2cad…
https://github.com/jasonmayes/Twitter-Post-Fetcher/pull/170
Third Party Advisory
https://github.com/jasonmayes/Twitter-Post-Fetcher/pull/170
https://github.com/jasonmayes/Twitter-Post-Fetcher/releases…
Third Party Advisory
https://github.com/jasonmayes/Twitter-Post-Fetcher/releases/tag/18.0.0
https://vuldb.com/?ctiid.217017
Third Party Advisory
https://vuldb.com/?ctiid.217017
https://vuldb.com/?id.217017
Third Party Advisory
https://vuldb.com/?id.217017
https://github.com/jasonmayes/Twitter-Post-Fetcher/commit/7…
Patch Third Party Advisory
https://github.com/jasonmayes/Twitter-Post-Fetcher/commit/7d281c6fb5acbc29a2cad…
https://github.com/jasonmayes/Twitter-Post-Fetcher/pull/170
Third Party Advisory
https://github.com/jasonmayes/Twitter-Post-Fetcher/pull/170
https://github.com/jasonmayes/Twitter-Post-Fetcher/releases…
Third Party Advisory
https://github.com/jasonmayes/Twitter-Post-Fetcher/releases/tag/18.0.0
https://vuldb.com/?ctiid.217017
Third Party Advisory
https://vuldb.com/?ctiid.217017
https://vuldb.com/?id.217017
Third Party Advisory
https://vuldb.com/?id.217017