Use of Web Link to Untrusted Target with window.opener Access
| Property | |
|---|---|
| Language | generic |
| Severity | |
| CWE | CWE-1022: Use of Web Link to Untrusted Target with window.opener Access |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
Using links with target="_blank" without adding rel="noopener noreferrer" lets the new page access the original page via window.opener. This can expose your site to malicious actions from external or untrusted pages.
Impact
If exploited, an attacker could manipulate the original page or redirect users to phishing sites by taking control through window.opener. This can lead to data theft, session hijacking, or loss of user trust in your application.
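One way to check markup for the pattern described above, as an added example that is not part of the original rule or its implementation. The function names and the sample HTML are constructed for illustration, and the regex-based attribute parsing assumes reasonably well-formed template markup.

```javascript
// Added example: lint HTML for target="_blank" links that leave
// window.opener reachable. Regex attribute parsing is an assumption that
// suits template linting; use a real HTML parser for arbitrary markup.
const TAG_RE = /<a(?=[\s\/>])[^>]*>/gi;
const ATTR_RE = /([^\s"'=<>\/]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;

// Parse one <a ...> tag into a Map of lower-cased attribute names.
function parseAttrs(tag) {
  const attrs = new Map();
  const body = tag.replace(/^<a/i, "").replace(/\/?>$/, "");
  for (const m of body.matchAll(ATTR_RE)) {
    const name = m[1].toLowerCase();
    // HTML keeps the first occurrence of a duplicated attribute.
    if (!attrs.has(name)) attrs.set(name, m[2] ?? m[3] ?? m[4] ?? "");
  }
  return attrs;
}

// Return every target="_blank" anchor whose rel has neither noopener nor
// noreferrer (noreferrer implies noopener in the HTML standard).
function findUnsafeLinks(html) {
  const findings = [];
  for (const m of html.matchAll(TAG_RE)) {
    const attrs = parseAttrs(m[0]);
    if ((attrs.get("target") || "").toLowerCase() !== "_blank") continue;
    const rel = new Set((attrs.get("rel") || "").toLowerCase().split(/\s+/).filter(Boolean));
    if (rel.has("noopener") || rel.has("noreferrer")) continue;
    findings.push({ href: attrs.get("href") || "", offset: m.index, tag: m[0] });
  }
  return findings;
}

// Constructed sample markup: only the first and fourth links should be reported.
const SAMPLE = `
<a href="https://example.org/a" target="_blank">no rel</a>
<a href="https://example.org/b" target="_blank" rel="noopener noreferrer">ok</a>
<a href="/local">same tab</a>
<A HREF='https://example.org/c' TARGET=_BLANK REL="nofollow">wrong token</A>
<a href="https://example.org/d" target="_blank" rel="NoReferrer">ok</a>
`;

for (const f of findUnsafeLinks(SAMPLE)) {
  console.log(`offset ${f.offset}: ${f.href} needs rel="noopener noreferrer"`);
}
```

Each finding carries the tag's offset in the input, so the result can be mapped back to a line in the template being linted.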