9 matches found
Reverse Tabnabbing
hfs is vulnerable to reverse tabnabbing. The vulnerability is due to missing rel="noopener noreferrer" when opening web links with target="blank", which allows an attacker to manipulate the original HFS tab via the window.opener property...
HFS user adding a "web link" in HFS is vulnerable to "target=_blank" exploit
Summary When adding a "web link" to the HFS virtual filesystem, the frontend opens it with target="blank" but without the rel="noopener noreferrer" attribute. This allows the opened page to use the window.opener property to change the location of the original HFS tab. Details While most modern...
DOMPurify Open Redirect vulnerability
DOMPurify before 1.0.11 allows reverse tabnabbing in demos/hooks-target-blank-demo.html because links lack a 'rel="noopener noreferrer"' attribute...
UBUNTU-CVE-2019-25155
DOMPurify before 1.0.11 allows reverse tabnabbing in demos/hooks-target-blank-demo.html because links lack a 'rel="noopener noreferrer"' attribute...
CVE-2019-6780
The Wise Chat plugin before 2.7 for WordPress mishandles external links because rendering/filters/post/WiseChatLinksPostFilter.php omits noopener and noreferrer...
HackerOne: Reverse Tabnabbing Vulnerability in Outgoing Links
The external links in the reports are not properly handled, using the issue the links can access the openers and replace them with some other page. To Verify the issue, just go to any report which do have any external link and inspect the proceed button. Where the issue lies: rel="noreferrer"...
Infogram: Tabnabbing via window.opener
Hi Team, i would like to report tab nabbing issue on your domain. Details: When you open a link in a new tab target="blank" , the page that opens in a new tab can access the initial tab and change it's location using the window.opener property. PoC: 1.Navigate to...
Instacart: Reverse Tab-nabbing at www.instacart.com/store/partner_recipe?recipe_url=
Summary Instacart at /store/partnerrecipe?recipeurl= endpoint is vulnerable to reverse tabnabbing, since the injected link use target="blank" , this means the page that opens in a new tab can access the initial tab and change its location using the window.opener property. example: Reproduction...
GitLab: Gitlab.com is vulnerable to reverse tabnabbing.
Dear GitLab bug bounty team, Summary --- Gitlab.com is vulnerable to reverse tabnabbing, since you use target="blank" on links in the Environments section. F166659 Why does this vulnerability exist? --- The following link is vulnerable to reverse tabnabbing, because it uses target="blank": This...