logo

Reverse Tabnabbing

  • Risk:
  • Medium

  • Type:
  • Passive
Summary

At least one link on this page is vulnerable to Reverse tabnabbing as it uses a target attribute without using both of the “noopener” and “noreferrer” keywords in the “rel” attribute, which allows the target page to take control of this page.

Solution

Do not use a target attribute, or if you have to then also add the attribute: rel="noopener noreferrer".

References

https://owasp.org/www-community/attacks/Reverse_Tabnabbing

https://dev.to/ben/the-targetblank-vulnerability-by-example

https://mathiasbynens.github.io/rel-noopener/

https://medium.com/@jitbit/target-blank-the-most-underestimated-vulnerability-ever-96e328301f4c

Free security scan for your website