Reverse Tabnabbing Vulnerability in Simple Machines Forum by Simple Machines
CVE-2019-12490

6.5MEDIUM

Key Information:

Vendor

Simplemachines

Status
Simple Machines Forum
Vendor
CVE Published:
22 January 2020

What is CVE-2019-12490?

An issue exists in Simple Machines Forum prior to version 2.0.16 that allows for reverse tabnabbing to occur. This vulnerability arises due to the improper use of the target attribute '_blank' for external links, which can potentially lead to unwanted behavior when users interact with the affected links, enabling malicious actors to redirect users without their consent.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.simplemachines.org/community/index.php?topic=...
x_refsource_MISC
https://www.youtube.com/watch?v=gCVeFoxZ1DI
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.