Hello,
I've been reported the next Low vulnerability:
"Open windows with normal hrefs with the tag target="_blank" can modify window.opener.location and replace the parent webpage with something else, even on a different origin. "
It is located on the dropdown menu of the help option up in the nav bar. Could anyone confim me if it has a solution or has been checked?
On the vulnerability it is said that it can be fixed with rel="noopener noreferrer" added to the links to avoid a third party using window.opener.location.assign to exploit this.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.