CVE-2020-5182

Name of the Vulnerable Software and Affected Versions J-BusinessDirectory extension versions prior to 5.2.9 for Joomla!

Description The issue allows Reverse Tabnabbing. In some configurations, the link to the business website can be entered by any user. If it doesn't contain rel="noopener" (or similar attributes such as noreferrer), the tabnabbing may occur. To reproduce the bug, create a business with a website link that contains JavaScript to exploit the window.opener property (for example, by setting window.opener.location).

Recommendations For versions prior to 5.2.9, update to version 5.2.9 or later to resolve the issue. As a temporary workaround, consider ensuring that all links to business websites contain rel="noopener" or similar attributes to prevent tabnabbing. Restrict access to configuring business website links to trusted users to minimize the risk of exploitation.