cern-sis / issues-inspire


vulnerability in homepage links #375

Closed MJedr closed 9 months ago

MJedr commented 1 year ago

https://rt.inspirehep.net/Ticket/Display.html?id=1374720

probably we should add tags rel="noreferrer noopener" to the homepage links that have target=_blank

MJedr commented 1 year ago

I have detected that your website is vulnerable to this vulnerability.

Vulnerability Report 02 : Account Takeover Due To Target="blank" with no REL tag

Vulnerable URL : https://inspirehep.net/

It is a computer exploit which persuades users to submit their login details and passwords. The attack takes advantage of user trust and inattention to detail in regard to tabs, and the ability of browsers to navigate across a page's origin in inactive tabs a long time after the page is loaded. This attack will be done even if JavaScript is disabled, using the "meta refresh" meta element, an HTML attribute used for page redirection that causes a reload of a specified new page after a given time interval. The attack takes advantage of the trust of the victim and the ability of modern web pages to rewrite tabs and their contents for a long time after the page has been loaded.
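The mechanism described in the report above (reverse tabnabbing) and the fix proposed in the first comment (adding rel="noreferrer noopener" to target=_blank links), as an added example that is not code from the inspirehep project or from the ticket. The browser model (`openFromLink`), the attacker page (`maliciousPageOnLoad`), the auditor/fixer (`findUnsafeBlankLinks`, `hardenBlankTargets`), the sample HTML and the hostnames are all constructed for illustration:

```javascript
// Added example (not inspirehep code). Models why a target="_blank" link
// without rel="noopener" is exploitable, and fixes such links in HTML.

// Constructed model of what the browser does when a user clicks a link:
// without noopener/noreferrer the new window gets a live window.opener.
function openFromLink(openerWindow, link) {
  const rel = (link.rel || "").toLowerCase().split(/\s+/).filter(Boolean);
  const isolated = rel.includes("noopener") || rel.includes("noreferrer");
  return { location: link.href, opener: isolated ? null : openerWindow };
}

// What a malicious target page does on load: window.opener.location is
// writable cross-origin, so the original tab is silently redirected.
function maliciousPageOnLoad(win, phishUrl) {
  if (win.opener) {
    win.opener.location = phishUrl; // constructed phishing URL
    return true;                    // attack succeeded
  }
  return false;                     // opener severed, nothing to do
}

function relTokens(attrs) {
  const m = attrs.match(/\brel\s*=\s*(["'])(.*?)\1/i);
  return m ? m[2].toLowerCase().split(/\s+/).filter(Boolean) : [];
}

function hasBlankTarget(attrs) {
  return /\btarget\s*=\s*["']?_blank["']?/i.test(attrs);
}

// Auditor: hrefs of anchors that open a new tab and keep window.opener.
function findUnsafeBlankLinks(html) {
  const unsafe = [];
  for (const m of html.matchAll(/<a\b([^>]*)>/gi)) {
    const attrs = m[1];
    if (!hasBlankTarget(attrs)) continue;
    const rel = relTokens(attrs);
    if (rel.includes("noopener") || rel.includes("noreferrer")) continue;
    const href = attrs.match(/\bhref\s*=\s*(["'])(.*?)\1/i);
    unsafe.push(href ? href[2] : "(no href)");
  }
  return unsafe;
}

// Fixer: add rel="noopener noreferrer" to every target="_blank" anchor,
// merging with an existing rel value (e.g. rel="nofollow") if present.
function hardenBlankTargets(html) {
  return html.replace(/<a\b([^>]*)>/gi, (tag, attrs) => {
    if (!hasBlankTarget(attrs)) return tag;
    const tokens = new Set(relTokens(attrs));
    tokens.add("noopener");
    tokens.add("noreferrer");
    const relValue = [...tokens].join(" ");
    const existing = attrs.match(/\brel\s*=\s*(["'])(.*?)\1/i);
    const newAttrs = existing
      ? attrs.replace(existing[0], `rel="${relValue}"`)
      : `${attrs} rel="${relValue}"`;
    return `<a${newAttrs}>`;
  });
}

// Constructed sample homepage fragment with one unsafe and one safe link.
const SAMPLE_HTML =
  '<a href="https://partner.example" target="_blank">Partner</a>' +
  '<a href="https://docs.example" target="_blank" rel="noopener">Docs</a>' +
  '<a href="/about">About</a>';

function demo() {
  const homepageTab = { location: "https://site.example/" };
  const unsafeLink = { href: "https://partner.example", rel: "" };
  const attacked = maliciousPageOnLoad(openFromLink(homepageTab, unsafeLink),
                                       "https://site-login.example/");
  return { attacked, homepageNowAt: homepageTab.location,
           unsafe: findUnsafeBlankLinks(SAMPLE_HTML),
           fixed: hardenBlankTargets(SAMPLE_HTML) };
}
```

`hardenBlankTargets` is a regex pass and is only meant for a one-off audit of static markup; in a templated site the attribute belongs in the link template itself. Current browsers (Chrome 88+, Firefox 79+, Safari 12.1+) already treat target=_blank as implying noopener, so the explicit attribute mainly protects users on older browsers, while noreferrer additionally suppresses the Referer header.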