WS-2019-0211
Good to know:
Date: July 6, 2019
All versions of quill are vulnerable to reverse tabnabbing: when a link is opened, an attacker-controlled destination page can access `window.opener` for the original page.
Language: JS
Severity Score
Weakness Type (CWE)
Improper Access Control
CWE-284
Top Fix
Upgrade Version
Upgrade to version capile/tecnodesign - 2.3.80;capile/tecnodesign - dev-feature/editor-counter;capile/tecnodesign - 2.2.7;capile/tecnodesign - 2.3.28;capile/tecnodesign - 2.2.21;capile/tecnodesign - 2.2.2;acacha/events - 0.1.0;jawad-topdot/laravel-admin - 1.0.12;jawad-topdot/laravel-admin - 1.0.10;jawad-topdot/laravel-admin - 1.0.21;barrelstrength/sprout-base - v4.0.1;barrelstrength/sprout-base - v3.0.3;barrelstrength/sprout-base - v2.0.5;barrelstrength/sprout-base - dev-dependabot/npm_and_yarn/websocket-extensions-0.1.4;barrelstrength/sprout-base - v1.0.2;barrelstrength/sprout-base - v1.1.5;barrelstrength/sprout-base - v1.1.0;barrelstrength/sprout-base - v3.0.8;barrelstrength/sprout-base - v2.0.1;barrelstrength/sprout-base - v3.0.10;barrelstrength/sprout-base - v2.0.8;barrelstrength/sprout-base - v2.0.10;barrelstrength/sprout-base - v3.0.1;barrelstrength/sprout-base - v2.0.3;barrelstrength/sprout-base - v4.0.4;barrelstrength/sprout-base - v3.0.6;barrelstrength/sprout-base - v1.0.5;barrelstrength/sprout-base - v1.1.4;barrelstrength/sprout-base - dev-feature/purge-elements;barrelstrength/sprout-base - v1.0.6;barrelstrength/sprout-base - v2.0.4;barrelstrength/sprout-base - v3.0.7;barrelstrength/sprout-base - v4.0.5;barrelstrength/sprout-base - v4.0.2;barrelstrength/sprout-base - v1.0.3;barrelstrength/sprout-base - v3.0.4;barrelstrength/sprout-base - v2.0.6;barrelstrength/sprout-base - v2.0.7;barrelstrength/sprout-base - v1.1.6;barrelstrength/sprout-base - v3.0.5;barrelstrength/sprout-base - v1.0.9;barrelstrength/sprout-base - v3.0.0;barrelstrength/sprout-base - v2.0.2;barrelstrength/sprout-base - v4.0.3;barrelstrength/sprout-base - v4.0.0;barrelstrength/sprout-base - v1.1.3;barrelstrength/sprout-base - v3.0.2;barrelstrength/sprout-base - dev-dependabot/npm_and_yarn/path-parse-1.0.7;mikebywater/kafka-author - 0.1;mikebywater/kafka-author - no_fix;jd-dotlogics/laravel-admin - 2.0.11;jd-dotlogics/laravel-admin - 2.0.9;jd-dotlogics/laravel-admin - 
2.0.26;jd-dotlogics/laravel-admin - 2.0.20;jd-dotlogics/laravel-admin - 2.0.4;jd-dotlogics/laravel-admin - no_fix;jd-dotlogics/laravel-admin - 2.0.23;jd-dotlogics/laravel-admin - 2.0.17;omerz/heroadm - no_fix;barrelstrength/sprout-notes - v1.0.0;barrelstrength/sprout-notes - v2.2.2;barrelstrength/sprout-notes - v2.2.3;barrelstrength/sprout-notes - v2.0.1;barrelstrength/sprout-notes - v2.2.1;PWPTemplateCMS - no_fix;westsoft/acl - no_fix;westsoft/acl - v0.0.8-beta;moonshine/moonshine - 1.52.0;guysolamour/laravel-administrable - v2.0;guysolamour/laravel-administrable - v5.2.0;guysolamour/laravel-administrable - v5.5.3;guysolamour/laravel-administrable - dev-dependabot/bundler/docs/nokogiri-1.13.3;guysolamour/laravel-administrable - dev-dependabot/bundler/docs/rake-12.3.3;guysolamour/laravel-administrable - v0.1;guysolamour/laravel-administrable - v5.0.4;guysolamour/laravel-administrable - v5.0.0;guysolamour/laravel-administrable - v5.1.5;guysolamour/laravel-administrable - v5.1.8;nuradev/nura24 - dev-dependabot/npm_and_yarn/elliptic-6.5.4;nuradev/nura24 - dev-dependabot/npm_and_yarn/ini-1.3.8;nuradev/nura24 - dev-dependabot/npm_and_yarn/url-parse-1.5.3;nuradev/nura24 - no_fix;qsnh/meedu - dev-dependabot/npm_and_yarn/path-parse-1.0.7;barrelstrength/sprout-base-fields - v1.1.0;barrelstrength/sprout-base-fields - v1.0.3;barrelstrength/sprout-base-fields - v1.0.6;barrelstrength/sprout-base-fields - dev-dependabot/npm_and_yarn/postcss-and-laravel-mix-and-resolve-url-loader-8.4.18;barrelstrength/sprout-base-fields - v1.0.5;barrelstrength/sprout-base-fields - v1.0.0;barrelstrength/sprout-base-fields - dev-dependabot/npm_and_yarn/json-schema-and-jsprim-0.4.0;barrelstrength/sprout-base-fields - dev-dependabot/npm_and_yarn/url-parse-1.5.10;barrelstrength/sprout-base-fields - v1.0.2;barrelstrength/sprout-base-fields - no_fix;barrelstrength/sprout-base-fields - v1.0.1;barrelstrength/sprout-base-fields - dev-dependabot/npm_and_yarn/minimist-1.2.6;barrelstrength/sprout-base-fields 
- v1.0.4;webreinvent/vaahcms - dev-feature/modules-page;webreinvent/vaahcms - dev-release/backend-job-batching;webreinvent/vaahcms - dev-snyk-upgrade-2b3a06ccbfca46e8040f51a35d96da64;webreinvent/vaahcms - dev-feature/themes-page;webreinvent/vaahcms - dev-master;webreinvent/vaahcms - dev-release/vaahcms-setup;webreinvent/vaahcms - dev-feature/database-export-and-import;webreinvent/vaahcms - dev-release/minor-release-column-indexes;webreinvent/vaahcms - dev-feature/backend-logo-in-config;webreinvent/vaahcms - 2.0.1;webreinvent/vaahcms - dev-feature/resolve-some-issue;webreinvent/vaahcms - v0.2.4;webreinvent/vaahcms - 1.0.0;webreinvent/vaahcms - dev-feature/permission-page;webreinvent/vaahcms - dev-feature/advanced-jobs-setion;webreinvent/vaahcms - v0.2.5;webreinvent/vaahcms - dev-feature/developing-vaahvue;webreinvent/vaahcms - dev-release/v0.1.4;webreinvent/vaahcms - dev-hotfix/installation-issue-settings.json-removed;zrkb/nexus - dev-dependabot/npm_and_yarn/url-parse-1.5.7;zrkb/nexus - dev-dependabot/npm_and_yarn/minimist-1.2.6;zrkb/nexus - no_fix;zrkb/nexus - dev-dependabot/npm_and_yarn/moment-2.29.2;moman13/dashboard-setup - no_fix;ziainnovation/mailbox - no_fix;quill - 1.3.7;philiplb/crudlex - 0.9;philiplb/crudlex - no_fix;philiplb/crudlex - 0.13.0;CommonWeb - 2.0.3-alpha005;CommonWeb - 2.0.0-alpha025;CommonWeb - 2.0.0-alpha036;mymocms/mymocms - no_fix;didrive/base - no_fix;didrive/base - 2.10.0;didrive/base - 0.0.1;hillelcoren/invoice-ninja - v3.3.1;hillelcoren/invoice-ninja - v4.5.32;hillelcoren/invoice-ninja - v5.0.12;hillelcoren/invoice-ninja - v5.1.73;hillelcoren/invoice-ninja - v5.0.29;hillelcoren/invoice-ninja - v4.5.7;hillelcoren/invoice-ninja - v2.6.6;hillelcoren/invoice-ninja - dev-eway;hillelcoren/invoice-ninja - v4.5.45;hillelcoren/invoice-ninja - dev-v5-stable;hillelcoren/invoice-ninja - v4.4.1;hillelcoren/invoice-ninja - v5.3.20;hillelcoren/invoice-ninja - v3.2.1;rdp77/veyaz - no_fix;webup/laravel-blog - no_fix;webup/laravel-blog - 
0.3;webup/laravel-blog - 0.1;panel - 0.14.4;panel - 1.2.0;panel - 1.2.3;bakerysoft/laravelbakerysoft - no_fix;develogs/panel - no_fix;rembon/laravel-crud-generator - no_fix;didrive/cms - dev-stable;didrive/cms - 1.0.0;AutoDomain.Modules.Core.Blazor - 4.1.205;xzprod/quill-widget - no_fix;oburatongoi/productivity - no_fix;oburatongoi/productivity - 0.0.1;dcat-xk/laravel-admin - 0.8.1;jirka-mayer/mycelium - no_fix;jviatge/satadmin - no_fix;jviatge/satadmin - v1.0.0;dcat/laravel-admin - 0.8.1;groupefbo/ezframe - no_fix;masihfathi/yii2-drag-drop-forms - no_fix;chrisbraybrooke/laravel-ecommerce - dev-form-field-key;chrisbraybrooke/laravel-ecommerce - 0.0.17;chrisbraybrooke/laravel-ecommerce - 0.0.56;chrisbraybrooke/laravel-ecommerce - 0.0.2;shanjing/laravel-admin - 0.8.1;rainbowl/laravel-admin - 0.8.1;thans/laravel-admin - 0.8.1;houdunwang/hdcms - dev-dependabot/npm_and_yarn/Modules/Article/eventsource-1.1.1;sledov/flarum-ext-quill - 0.1.0-beta.1;sledov/flarum-ext-quill - no_fix;nowyouwerkn/wecommerce - dev-moon;nowyouwerkn/wecommerce - no_fix;nowyouwerkn/wecommerce - 1.5;nowyouwerkn/wecommerce - dev-satellite;nowyouwerkn/wecommerce - dev-main;demyanenkomaks/yii2-base - 2.0.0;jackh/yii2-aurora - 1.0.0;smartysoft/yii2-smartysoft-ample - no_fix;developeroncall/larateme - v1.0;lee-to/moonshine - 2.x-dev;default64bit/ratech-admin - no_fix;jxlwqq/quill - 1.0.3;moman12/dashboard_ui - no_fix;sina/shuttle - no_fix;sina/shuttle - dev-tmindiashvili1-patch-1;mieproject/ui-dashboard - no_fix;revise/prime-cms - 0.1.0;revise/prime-cms - 0.3.0;revise/prime-cms - no_fix;revise/prime-cms - 0.3.6;salvatori/alma-one - 5.0.5;orzcc/laravel-admin - 0.8.1;visanduma/laravel-formy - no_fix;pceuropa/yii2-forms - 1.0.0;pceuropa/yii2-forms - no_fix;tarantella110/laravel-admin - 0.8.1;opoink/framework - v1.2.0;opoink/framework - v1.2.0-beta;opoink/framework - v1.0.1;drongotech/applicationinfo - v1.2.0;adkats/bfacp - dev-depfu-update-npm-axios-0.21.1;yousry943/easyadmin - 
dev-dependabot/composer/league/flysystem-1.1.4;yousry943/easyadmin - no_fix;yousry943/easyadmin - dev-dependabot/composer/guzzlehttp/guzzle-6.5.8;moonshine/quill - no_fix;redwine/redwine - dev-new-version;hhniao/laravel-admin - 0.8.1;yourock/quill - no_fix;rekamy/generator - dev-stable;rekamy/generator - v2.0.7;rekamy/generator - v5.0.0;salvatori/svcms - no_fix;webcosmonauts/alder - no_fix;maurolacerda-tech/ml-framework - no_fix;wmlc/laravel-admin - 0.8.1;edguy/admin_panel - 1.0;edguy/admin_panel - no_fix;silverstripers/silverstripe-postmarked - no_fix;liushoukun/laravel-admin - 0.8.1;jybtx/backstaged-management - no_fix;juzaweb/laravel-cms - dev-feature/laravel-9-support;erjon/cone - no_fix;westsoftware/acl2 - no_fix;madtechservices/theme-madmin - no_fix;sky9th/skycms - v2.1;elefant/cms - dev-rector-first-run;zhenxxin/dcat-admin - 0.8.1;obaydmerz/heroadm - no_fix;klezbucket/laravelito - no_fix;tuliacms/cms - no_fix;tahamazaheri/ticket - no_fix;codegaf/crudgenerator - dev-master;juzaweb/juzacms - dev-bugfix/220-admin-prefix;globit/laravel-ticket - no_fix;ozzzzam/flarum-ext-quill-with-image - no_fix;ozzzzam/flarum-ext-quill-with-image - 0.1.0-beta.1;dimaslanjaka/universal-framework - dev-snyk-fix-20c856194ba899c370807ce70750adf2;juraev/quill - v0.0.1;ngorei/framework - v2.0.4;ngorei/framework - no_fix;moeen1/helpsupport - no_fix;satriotol/fastcrud - 10.x-dev;karlito-web/layouts - no_fix;mnabialek/laravel-eloquent-filter - dev-dependabot/composer/guzzlehttp/guzzle-7.4.3;itshayu/laravel-admin - 0.8.1;ofilin/yii2-quill - no_fix;jackchow/laravel-admin - 0.8.1;andmarruda/sbblog - no_fix;ajifatur/faturcms - v1.0.0-alpha;statikbe/laravel-sir-trevor - no_fix;mostafa0alii/dashboard-builder - no_fix;os2display/template-extension-bundle - no_fix;jorry2008/dcat-admin - 0.8.1;miaad/helpsupport - no_fix;umkdev/umkkit - no_fix;baoshi/laravel9-admin - 0.8.1;liuyi/laravel-admin - 0.8.1;ekxs/laravel-admin - 0.8.1;maxiter/maxiter - no_fix;mrmarchone/kayan - 
no_fix;warrenkfz/laravel-admin - 0.8.1;disatapp/light-blog - no_fix;persist/coreui - no_fix;org.webjars.bower:quill:1.3.4;org.webjars.npm:quill:1.3.7;org.webjars.npm:github-com-quilljs-quill:1.3.7
CVSS v3.1
| Base Score: | |
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | NONE |
| User Interaction (UI): | REQUIRED |
| Scope (S): | CHANGED |
| Confidentiality (C): | LOW |
| Integrity (I): | LOW |
| Availability (A): | NONE |


