Reverse Tabnapping in swagger-ui

Published: Jun 20, 2019
Updated: Apr 14, 2023
GHSA: <a href="https://github.com/advisories/GHSA-x9p2-fxq6-2m5f" target="_blank" rel="noopener"> GHSA-x9p2-fxq6-2m5f
Severity: Medium
Exploit:

Versions of swagger-ui prior to 3.18.0 are vulnerable to Reverse Tabnapping. The package uses target='_blank' in anchor tags, allowing attackers to access window.opener for the original page. This is commonly used for phishing attacks.