Lucene search
+L

9 matches found

Veracode
Veracode
added 2025/09/01 12:16 p.m.6 views

Reverse Tabnabbing

hfs is vulnerable to reverse tabnabbing. The vulnerability is due to missing rel="noopener noreferrer" when opening web links with target="blank", which allows an attacker to manipulate the original HFS tab via the window.opener property...

7AI score
Exploits0
Github Security Blog
Github Security Blog
added 2025/08/12 12:13 a.m.13 views

HFS user adding a "web link" in HFS is vulnerable to "target=_blank" exploit

Summary When adding a "web link" to the HFS virtual filesystem, the frontend opens it with target="blank" but without the rel="noopener noreferrer" attribute. This allows the opened page to use the window.opener property to change the location of the original HFS tab. Details While most modern...

6.5AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2023/11/14 9:30 p.m.25 views

DOMPurify Open Redirect vulnerability

DOMPurify before 1.0.11 allows reverse tabnabbing in demos/hooks-target-blank-demo.html because links lack a 'rel="noopener noreferrer"' attribute...

6.1CVSS7AI score0.00508EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2023/11/07 3:9 a.m.4 views

UBUNTU-CVE-2019-25155

DOMPurify before 1.0.11 allows reverse tabnabbing in demos/hooks-target-blank-demo.html because links lack a 'rel="noopener noreferrer"' attribute...

6.1CVSS5.8AI score0.00508EPSS
Exploits0References3
OSV
OSV
added 2019/01/24 8:29 p.m.8 views

CVE-2019-6780

The Wise Chat plugin before 2.7 for WordPress mishandles external links because rendering/filters/post/WiseChatLinksPostFilter.php omits noopener and noreferrer...

6.1CVSS6.3AI score0.04924EPSS
Exploits5References3
Hacker One
Hacker One
added 2017/10/30 11:22 a.m.69 views

HackerOne: Reverse Tabnabbing Vulnerability in Outgoing Links

The external links in the reports are not properly handled, using the issue the links can access the openers and replace them with some other page. To Verify the issue, just go to any report which do have any external link and inspect the proceed button. Where the issue lies: rel="noreferrer"...

6.8AI score
Exploits0
Hacker One
Hacker One
added 2017/10/19 1:35 p.m.19 views

Infogram: Tabnabbing via window.opener

Hi Team, i would like to report tab nabbing issue on your domain. Details: When you open a link in a new tab target="blank" , the page that opens in a new tab can access the initial tab and change it's location using the window.opener property. PoC: 1.Navigate to...

6.9AI score
Exploits0
Hacker One
Hacker One
added 2017/05/12 5:17 a.m.42 views

Instacart: Reverse Tab-nabbing at www.instacart.com/store/partner_recipe?recipe_url=

Summary Instacart at /store/partnerrecipe?recipeurl= endpoint is vulnerable to reverse tabnabbing, since the injected link use target="blank" , this means the page that opens in a new tab can access the initial tab and change its location using the window.opener property. example: Reproduction...

0.2AI score
Exploits0
Hacker One
Hacker One
added 2017/03/06 10:41 a.m.118 views

GitLab: Gitlab.com is vulnerable to reverse tabnabbing.

Dear GitLab bug bounty team, Summary --- Gitlab.com is vulnerable to reverse tabnabbing, since you use target="blank" on links in the Environments section. F166659 Why does this vulnerability exist? --- The following link is vulnerable to reverse tabnabbing, because it uses target="blank": This...

1.7AI score
Exploits0
Rows per page
Query Builder