CVE-2025-25300: smartbanner.js rel noopener vulnerability
Clicking on the smartbanner View link and navigating to a 3rd party page leaves window.opener exposed. It may allow hostile 3rd parties to abuse window.opener, e.g. by redirection or injection on the original page with smartbanner.
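The check below is an added example, not code from the advisory or from smartbanner.js: a small Node.js audit function that flags links which open a new browsing context without rel="noopener" or rel="noreferrer", the condition that leaves window.opener available to the destination page. The sample markup and the example domains are constructed for illustration.

```javascript
// Flags <a> tags that open a new browsing context without rel="noopener"
// (or "noreferrer", which implies noopener). Regex parsing is enough for
// auditing template output; it is not a full HTML parser.
const SAME_CONTEXT_TARGETS = new Set(["", "_self", "_parent", "_top"]);

// Parse name="v", name='v', name=v and bare attributes from one tag's source.
function parseAttributes(tagSource) {
  const attrs = {};
  const re = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'=<>`]+)))?/g;
  let m;
  while ((m = re.exec(tagSource)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

// Return the href of every link whose destination could reach window.opener.
function findOpenerExposedLinks(html) {
  const findings = [];
  for (const match of html.matchAll(/<a\s+([^>]*)>/gi)) {
    const attrs = parseAttributes(match[1]);
    const target = (attrs.target ?? "").trim().toLowerCase();
    if (SAME_CONTEXT_TARGETS.has(target)) continue; // stays in the same window
    const rel = (attrs.rel ?? "").toLowerCase().split(/\s+/).filter(Boolean);
    const isolated = rel.includes("noopener") || rel.includes("noreferrer");
    if (!isolated) findings.push(attrs.href ?? "(no href)");
  }
  return findings;
}

// Constructed sample markup (not smartbanner.js's actual output).
const SAMPLE = `
<a href="https://store.example/app" target="_blank" class="view">View</a>
<a href="https://store.example/app" target="_blank" rel="noopener">View</a>
<a href='https://other.example/' target=_blank rel="nofollow">Other</a>
<a href="https://ref.example/" target="_BLANK" rel="NoReferrer">Ref</a>
<a href="/local">Local</a>
`;

console.log(findOpenerExposedLinks(SAMPLE));
```

Running it over rendered pages or templates in CI gives a quick regression check that every outbound new-window link carries rel="noopener".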