Twitter-Post-Fetcher vulnerable to Use of Web Link to Untrusted Target with window.opener Access
- Severity:
- Medium
Description
A vulnerability classified as problematic has been found in Twitter-Post-Fetcher up to 17.x. This affects an unknown part of the file js/twitterFetcher.js of the component Link Target Handler. The manipulation leads to use of web link to untrusted target with window.opener access. It is possible to initiate the attack remotely.
Recommendation
Update the twitter-fetcher-js package to the latest compatible version. Followings are version details:
- Affected version(s): < 18.0.0
- Patched version(s): 18.0.0
References
Related Issues
- HFS user adding a "web link" in HFS is vulnerable to "target=_blank" exploit - Vulnerability
- Macro in MathJax running untrusted Javascript within a web browser - CVE-2018-1999024
- Materialize-css vulnerable to Improper Neutralization of Input During Web Page Generation - CVE-2019-11004
- @tiptap/extension-link vulnerable to Cross-site Scripting (XSS) - CVE-2025-14284
- Tags:
- npm
- twitter-fetcher-js
Anything's wrong? Let us know Last updated on February 02, 2023