Details
Alert Id 10108
Alert Type Passive
Status beta
Risk
CWE
WASC
Tags OWASP_2017_A06, OWASP_2021_A04

Summary

At least one link on this page is vulnerable to reverse tabnabbing: it uses a target attribute without both the “noopener” and “noreferrer” keywords in its “rel” attribute, which allows the target page to take control of this page.

Solution

Do not use a target attribute, or, if you have to, also add the attribute rel='noopener noreferrer'.

References

Code

org/zaproxy/zap/extension/pscanrulesBeta/LinkTargetScanRule.java