CVE-2022-35953

HIGH

BookWyrm < 0.4.5 - Open Redirect via Tabnabbing

Title source: llm
STIX 2.1

Description

BookWyrm is a social network for tracking your reading, talking about books, writing reviews, and discovering what to read next. Some links in BookWyrm may be vulnerable to tabnabbing, a form of phishing that gives attackers an opportunity to redirect a user to a malicious site. The issue was patched in version 0.4.5.

References (2)

Core 2
Core References
Exploit, Issue Tracking, Third Party Advisory x_refsource_confirm
https://github.com/bookwyrm-social/bookwyrm/security/advisories/GHSA-xq42-mq5w-m24x
Exploit, Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://huntr.dev/bounties/67ca22bd-19c6-466b-955a-b1ee2da0c575/

Scores

CVSS v3 7.1
EPSS 0.0049
EPSS Percentile 38.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-601
Status published
Products (1)
joinbookwyrm/bookwyrm < 0.4.5
Published Aug 12, 2022
Tracked Since Feb 18, 2026