Avant Browser 11.7 Builds 35 and 36 allows remote malicious users to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page. NOTE: a related attack was reported in which an arbitrary file: URL is shown.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
avant force avant browser 11.7 |