Missing rel=noreferrer tag allows link in list to change url of currently open tab

Disclosed: 2016-09-12 19:59:15 By cablej To instacart
Unknown
Vulnerability Details
Hi, When adding links to lists, there is no rel=noreferrer tag present, allowing a linked page to change the url of the currently open tab. This can open the doors for phishing attacks, as users trust the tab that contained instacart. As an example, see my list at https://inst.cr/t/1QmLPG. Clicking the link, which opens in a new tab, will change the url of the currently open tab to http://example.com. Thank you for your time, and please let me know if you have any questions.
Actions
View on HackerOne
Report Stats
  • Report ID: 158002
  • State: Closed
  • Substate: resolved
  • Upvotes: 4
Share this report