Details | |
---|---|
Alert ID | 10108 |
Alert Type | Passive |
Status | release |
Risk | Medium |
CWE | |
WASC | |
Technologies Targeted | All |
Tags | OWASP_2017_A06 OWASP_2021_A04 |
More Info | Scan Rule Help |
Summary
At least one link on this page is vulnerable to reverse tabnabbing: it uses a target attribute without both the “noopener” and “noreferrer” keywords in the “rel” attribute, which allows the target page to take control of this page.
Solution
Do not use a target attribute or, if you have to, also add the attribute rel="noopener noreferrer".
Other Info
References
- https://owasp.org/www-community/attacks/Reverse_Tabnabbing
- https://dev.to/ben/the-targetblank-vulnerability-by-example
- https://mathiasbynens.github.io/rel-noopener/
- https://medium.com/@jitbit/target-blank-the-most-underestimated-vulnerability-ever-96e328301f4c