Details
Alert Id 10108
Alert Type Passive Scan Rule
Status beta
Risk
CWE
WASC

Summary

At least one link on this page is vulnerable to reverse tabnabbing: it uses a target attribute without both the “noopener” and “noreferrer” keywords in the “rel” attribute, which allows the target page to take control of this page.

Solution

Do not use a target attribute. If you have to use one, also add the attribute rel='noopener noreferrer'.

References

Code

org/zaproxy/zap/extension/pscanrulesBeta/LinkTargetScanRule.java