Home > Vulnerability Database > CVE-2018-25089

Mend.io Vulnerability Database

CVE-2018-25089

Good to know:

Date: August 28, 2023

A vulnerability was found in glb Meetup Tag Extension 0.1 on MediaWiki. It has been rated as problematic. This issue affects some unknown processing of the component Link Attribute Handler. The manipulation leads to use of web link to untrusted target with window.opener access. Upgrading to version 0.2 is able to address this issue. The identifier of the patch is 850c726d6bbfe0bf270801fbb92a30babea4155c. It is recommended to upgrade the affected component. The identifier VDB-238157 was assigned to this vulnerability.

Language: PHP

Severity Score

8.6

Related Resources (6)

Url: https://vuldb.com/?ctiid.238157

Url: https://nvd.nist.gov/vuln/detail/CVE-2018-25089

Url: https://github.com/glb/mediawiki-tag-extension-meetup/commit/850c726d6bbfe0bf270801fbb92a30babea4155c

Url: https://github.com/glb/mediawiki-tag-extension-meetup/releases/tag/v0.2

Url: https://vuldb.com/?id.238157

Url: https://www.mend.io/vulnerability-database/CVE-2018-25089

Severity Score

8.6

Weakness Type (CWE)

Insufficient Information

NVD-CWE-noinfo

Use of Web Link to Untrusted Target with window.opener Access

CWE-1022

Top Fix

Upgrade Version

Upgrade to version v0.2

Learn More

CVSS v3.1

Base Score:	8.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	HIGH

CVSS v2

Base Score:	8.6
Access Vector (AV):
Access Complexity (AC):
Authentication (AU):
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	HIGH
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2018-25089

Good to know:

Date: August 28, 2023

Language: PHP

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?