FeehiCMS Reverse Tabnabbing Vulnerability

Vulnerability

A reverse tabnabbing vulnerability has been identified in FeehiCMS version 2.1.1, specifically within the Comments Management function. This issue arises because external links are not properly secured with the rel="noopener noreferrer" attributes, allowing for potential phishing attacks. When a user clicks on a link that opens in a new tab, the original tab can be manipulated to display a different page, such as a phishing site. If the user interacts with this page, their credentials or sensitive information could be compromised.

Impact

Exploitation of this vulnerability allows for reverse tabnabbing, where an attacker can change the content of the original tab to a phishing site, potentially leading to credential theft.

Reproduction

To reproduce this vulnerability, log in as a backend user and navigate to the Comments Management function. Update a comment by adding a link that points to an external site. Once the comment is saved, click the link to open it in a new tab. The absence of the rel="noopener noreferrer" attributes will allow the original tab to be manipulated, demonstrating the reverse tabnabbing vulnerability.

Remediation

To address this vulnerability, ensure that all external links with target="_blank" are configured with the rel="noopener noreferrer" attributes.
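
One way to apply and verify this remediation on stored comment HTML, shown as an added example (not FeehiCMS code and not part of the original advisory). The function names and the sample comment are constructed for illustration, and the tag matcher assumes attribute values do not contain ">".

```javascript
// Added example, not FeehiCMS code. All function names are hypothetical.
const REQUIRED = ["noopener", "noreferrer"];
const A_TAG = /<a(\s[^>]*)?>/gi; // opening <a> tags only; assumes no ">" inside attribute values
const ATTR = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'=<>`]+)))?/g;

// Parse an attribute string into [{name, value}] (value is null for bare attributes).
function parseAttrs(src) {
  return [...src.matchAll(ATTR)].map(m => ({
    name: m[1].toLowerCase(),
    value: m[2] ?? m[3] ?? m[4] ?? null,
  }));
}

// Return the rel tokens still missing on a target="_blank" link, or [] if the link is fine.
function missingRel(attrs) {
  const target = attrs.find(a => a.name === "target");
  if (!target || (target.value || "").trim().toLowerCase() !== "_blank") return [];
  const rel = attrs.find(a => a.name === "rel");
  const have = (rel && rel.value ? rel.value : "").toLowerCase().split(/\s+/);
  return REQUIRED.filter(t => !have.includes(t));
}

// Detection: list every anchor that opens a new tab without both rel tokens.
function auditBlankLinks(html) {
  return [...html.matchAll(A_TAG)]
    .filter(m => missingRel(parseAttrs(m[1] || "")).length > 0)
    .map(m => m[0]);
}

// Mitigation: rewrite those anchors, keeping existing rel tokens such as "nofollow".
function hardenBlankLinks(html) {
  return html.replace(A_TAG, (tag, raw) => {
    const attrs = parseAttrs(raw || "");
    const missing = missingRel(attrs);
    if (missing.length === 0) return tag;
    const rel = attrs.find(a => a.name === "rel");
    const kept = (rel && rel.value ? rel.value : "").split(/\s+/).filter(Boolean);
    const out = attrs.filter(a => a.name !== "rel")
      .concat({ name: "rel", value: [...kept, ...missing].join(" ") })
      .map(a => (a.value === null ? a.name : `${a.name}="${a.value.replace(/"/g, "&quot;")}"`));
    return `<a ${out.join(" ")}>`;
  });
}

// Constructed sample comment body.
const sample = '<p><a href="https://example.test/" target="_blank">site</a> ' +
  '<a href="/local">local</a></p>';
console.log(auditBlankLinks(sample));
console.log(hardenBlankLinks(sample));
```

Running the audit over existing comments before and after the rewrite confirms that no target="_blank" link is left without both tokens.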

Added: Dec 1, 2025, 3:26 PM
Updated: Dec 1, 2025, 8:33 PM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 0.6
exploitability: 6.5
remediation: 7.9
relevance: 1.2
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.