Reverse Tabnabbing Vulnerability in Simple Machines Forum by Simple Machines
CVE-2019-12490

6.5MEDIUM

Key Information:

Vendor: Simplemachines
Status: Simple Machines Forum
Vendor: CVE Published:; 22 January 2020

🔔 Create Simplemachines Vulnerability Alert

What is CVE-2019-12490?

An issue exists in Simple Machines Forum prior to version 2.0.16 that allows for reverse tabnabbing to occur. This vulnerability arises due to the improper use of the target attribute '_blank' for external links, which can potentially lead to unwanted behavior when users interact with the affected links, enabling malicious actors to redirect users without their consent.

References

https://www.simplemachines.org/community/index.php?topic=...

x_refsource_MISC

https://www.youtube.com/watch?v=gCVeFoxZ1DI

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 22, 2020
Vulnerability Reserved
May 30, 2019