Reverse tabnabbing
Description
The system allows a link to an external site controlled by a malicious actor to be inserted, and the link is rendered without rel="noopener". Because a page opened this way keeps a reference to the tab that opened it, the external site can navigate the original tab to a different site, making the change look like a legitimate redirect performed by the system.
Impact
The user is redirected, in the tab where the original site was, to an external site controlled by a malicious actor, leading to a phishing attack.
Recommendation
Set the rel attribute with the values noopener and noreferrer on each external link.
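The following is an added example, not code from the original page or from its vendor. It audits the anchors in an HTML document for the exposure described above (external links whose rel lacks noopener) and produces a hardened copy that carries rel="noopener noreferrer", as the recommendation requires. SITE_ORIGIN, the sample markup and the function names are constructed for the illustration; the parser is deliberately simple and only handles ordinary <a> start tags.

```javascript
// Added example (not the page's own code): audit and harden external anchors
// against reverse tabnabbing. SITE_ORIGIN is a constructed placeholder for the
// origin of the site being audited; anything resolving to another http(s)
// origin counts as external.
const SITE_ORIGIN = "https://site.example";

// Parse the attributes inside a single <a ...> start tag into a Map.
function parseAttributes(tagBody) {
  const attrs = new Map();
  const re = /([^\s=\/>]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  let m;
  while ((m = re.exec(tagBody)) !== null) {
    const value = m[2] || m[3] || m[4] || "";
    attrs.set(m[1].toLowerCase(), value);
  }
  return attrs;
}

// True when href resolves to an http(s) origin other than the site's own.
// mailto:, tel:, javascript: and unparsable hrefs are out of scope here.
function isExternal(href, origin = SITE_ORIGIN) {
  try {
    const url = new URL(href, origin);
    if (!/^https?:$/.test(url.protocol)) return false;
    return url.origin !== new URL(origin).origin;
  } catch {
    return false;
  }
}

function relTokens(attrs) {
  return (attrs.get("rel") || "").toLowerCase().split(/\s+/).filter(Boolean);
}

// Return every external anchor whose rel does not contain noopener.
function findVulnerableLinks(html, origin = SITE_ORIGIN) {
  const findings = [];
  const anchorRe = /<a\b([^>]*)>/gi;
  let m;
  while ((m = anchorRe.exec(html)) !== null) {
    const attrs = parseAttributes(m[1]);
    const href = attrs.get("href");
    if (!href || !isExternal(href, origin)) continue;
    const rel = relTokens(attrs);
    if (!rel.includes("noopener")) {
      findings.push({ href, rel: rel.join(" "), tag: m[0] });
    }
  }
  return findings;
}

// Rewrite external anchors so rel contains both noopener and noreferrer,
// keeping any rel tokens (e.g. nofollow) that were already present.
function hardenLinks(html, origin = SITE_ORIGIN) {
  return html.replace(/<a\b([^>]*)>/gi, (tag, body) => {
    const attrs = parseAttributes(body);
    const href = attrs.get("href");
    if (!href || !isExternal(href, origin)) return tag;
    const tokens = new Set(relTokens(attrs));
    tokens.add("noopener");
    tokens.add("noreferrer");
    const newRel = `rel="${[...tokens].join(" ")}"`;
    if (/\brel\s*=/i.test(body)) {
      return tag.replace(/\brel\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'>]+)/i, newRel);
    }
    return tag.replace(/^<a\b/i, `<a ${newRel}`);
  });
}

// Constructed sample markup: one internal link, two unprotected external
// links (one with an unrelated rel), one already hardened link, one mailto.
const SAMPLE_HTML = [
  '<a href="/about">About</a>',
  '<a href="https://partner.example" target="_blank">Partner</a>',
  '<a href="https://docs.example" target="_blank" rel="nofollow">Docs</a>',
  '<a href="https://safe.example" target="_blank" rel="noopener noreferrer">Safe</a>',
  '<a href="mailto:team@site.example">Mail</a>',
].join("\n");

console.log("vulnerable:", findVulnerableLinks(SAMPLE_HTML).map((f) => f.href));
console.log(hardenLinks(SAMPLE_HTML));
```

Running the block reports partner.example and docs.example as unprotected and prints the hardened markup, after which a second audit of the output finds nothing. The check keys on noopener because that is the token that severs the opener reference; noreferrer is added alongside it, as the recommendation states, so older browsers that only honour noreferrer get the same protection.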
Threat
Anonymous attacker from the local network.
Expected Remediation Time
⏱️ 15 minutes.
Fixes
Score
Default score using CVSS 4.0. It may change depending on the context of the source.
Base 4.0
Attack vector (AV): A (Adjacent)
Attack complexity (AC): L (Low)
Attack requirements (AT): N (None)
Privileges required (PR): N (None)
User interaction (UI): A (Active)
Confidentiality (VC): N (None)
Integrity (VI): L (Low)
Availability (VA): N (None)
Confidentiality (SC): N (None)
Integrity (SI): L (Low)
Availability (SA): N (None)
Threat 4.0
Exploit maturity (E): X (Not Defined)
Vector string
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N