An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU4OG0tOXFnNS0zNXBx
Reverse Tabnabbing in quill
Versions of quill prior to 1.3.7 are vulnerable to Reverse Tabnabbing. The package uses target='_blank' in anchor tags, allowing attackers to access window.opener for the original page when opening links. This is commonly used for phishing attacks.
No fix is currently available. Consider using an alternative package until a fix is made available.
Permalink: https://github.com/advisories/GHSA-588m-9qg5-35pq
Source: GitHub Advisory Database
Published: about 3 years ago
Updated: 9 months ago
CVSS Score: 6.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Fixed in: 1.3.7
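
A mitigation for the issue described above, as an added example that is not code from quill or from the advisory: a post-processing pass over editor-generated HTML that makes every link opening a new browsing context carry rel="noopener noreferrer". The function names and the sample markup are assumptions made for illustration, and the pass goes slightly beyond the advisory by also covering named targets.

```javascript
// Added example, not code from quill or the advisory. Names are hypothetical.
// Rewrites editor-generated HTML so links that open a new browsing context
// carry rel="noopener noreferrer"; the opened page then sees window.opener === null.

// Opening <a ...> tag; quoted values may contain '>'.
const ANCHOR_RE = /<a(?=[\s>])((?:"[^"]*"|'[^']*'|[^>"'])*)>/gi;
// Attribute name, then optional ="v" | ='v' | =v
const ATTR_RE = /([^\s=\/"'>]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
const SAME_CONTEXT = new Set(['', '_self', '_parent', '_top']);
const REQUIRED = ['noopener', 'noreferrer'];

// Parse the attribute text of one opening tag into [name, value] pairs.
function parseAttrs(text) {
  return [...text.matchAll(ATTR_RE)].map((m) => [m[1], m[2] ?? m[3] ?? m[4] ?? '']);
}

function hardenBlankTargets(html) {
  return html.replace(ANCHOR_RE, (tag, attrText) => {
    const attrs = parseAttrs(attrText);
    const target = attrs.find(([n]) => n.toLowerCase() === 'target');
    // _blank is the case in the advisory; named targets also open a new context.
    if (!target || SAME_CONTEXT.has(target[1].trim().toLowerCase())) return tag;
    const rel = attrs.find(([n]) => n.toLowerCase() === 'rel');
    const tokens = rel ? rel[1].split(/\s+/).filter(Boolean) : [];
    for (const need of REQUIRED) {
      if (!tokens.some((t) => t.toLowerCase() === need)) tokens.push(need);
    }
    // Re-emit the tag with existing rel tokens preserved and rel placed last.
    const out = attrs.filter(([n]) => n.toLowerCase() !== 'rel');
    out.push(['rel', tokens.join(' ')]);
    const text = out.map(([n, v]) => `${n}="${v.replace(/"/g, '&quot;')}"`).join(' ');
    return `<a ${text}>`;
  });
}

// Constructed sample input, shaped like link markup a rich-text editor emits.
const sample =
  '<a href="https://example.com" target="_blank">x</a>' +
  "<a href='/local'>y</a>" +
  '<a target=_blank rel="nofollow" href=https://example.org/a>z</a>';

console.log(hardenBlankTargets(sample));
```

This is a string-level pass suited to server-side output filtering; in a browser the same rule is better applied through the DOM on the rendered anchors.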