Fortinet Discovers OpenProject Wiki Tabnabbing Vulnerability
Fortinet's FortiGuard Labs has discovered a Tabnabbing Vulnerability in OpenProject.
OpenProject is a web-based project management system for location-independent team collaboration.
OpenProject is susceptible to Tabnabbing vulnerability. The issue occurs when the server allows attacker input "target=_blank" to HTML anchor tag without rel noopener attribute which can result in attacker controlling victim's browser.
Users should apply the solution provided by OpenProject
Fortinet reported the vulnerability to OpenProject on 29 November, 2019.
OpenProject confirmed the vulnerability on 5 December, 2019.
OpenProject released patch for the vulnerability on 11 December, 2019.