CVE-2022-35953

low-risk
Published 2022-08-12

BookWyrm is a social network for tracking your reading, talking about books, writing reviews, and discovering what to read next. Some links in BookWyrm may be vulnerable to tabnabbing, a form of phishing that gives attackers an opportunity to redirect a user to a malicious site. The issue was patched in version 0.4.5.

Do I need to act?

-
0.25% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.1/10 High
NETWORK / HIGH complexity

Affected Products (1)

Affected Vendors

Joinbookwyrm

References (4)

Exploit https://github.com/bookwyrm-social/bookwyrm/security/advisories/GHSA-xq42-mq5w-m...
Exploit https://huntr.dev/bounties/67ca22bd-19c6-466b-955a-b1ee2da0c575/
Exploit https://github.com/bookwyrm-social/bookwyrm/security/advisories/GHSA-xq42-mq5w-m...
Exploit https://huntr.dev/bounties/67ca22bd-19c6-466b-955a-b1ee2da0c575/
27
/ 100
low-risk
Severity 21/34 · High
Exploitability 1/34 · Minimal
Exposure 5/34 · Minimal