Vulnerability	Vulnerable Version
M Use of Web Link to Untrusted Target with window.opener Access hfs is a HTTP File Server Affected versions of this package are vulnerable to Use of Web Link to Untrusted Target with window.opener Access via the `openFileMenu` function in the `fileMenu.ts` file. An attacker can manipulate the content of the original browser tab by exploiting the `window.opener` property after a user clicks a crafted external link, potentially leading to credential theft or exposure of sensitive information. Note: This is only exploitable if users access the application using outdated browsers that do not mitigate this issue at the browser level. How to fix Use of Web Link to Untrusted Target with window.opener Access? Upgrade `hfs` to version 0.57.10-beta1 or higher.	<0.57.10-beta1

Use of Web Link to Untrusted Target with window.opener Access

hfs is a HTTP File Server

Affected versions of this package are vulnerable to Use of Web Link to Untrusted Target with window.opener Access via the openFileMenu function in the fileMenu.ts file. An attacker can manipulate the content of the original browser tab by exploiting the window.opener property after a user clicks a crafted external link, potentially leading to credential theft or exposure of sensitive information.

Note: This is only exploitable if users access the application using outdated browsers that do not mitigate this issue at the browser level.

How to fix Use of Web Link to Untrusted Target with window.opener Access?

Upgrade hfs to version 0.57.10-beta1 or higher.

<0.57.10-beta1

Go back to all versions of this package