Description
DOMPurify before 1.0.11 allows reverse tabnabbing in demos/hooks-target-blank-demo.html because links lack a 'rel="noopener noreferrer"' attribute.
Remediation
References
Related Vulnerabilities
WordPress Plugin Product Lister for Walmart Remote Code Execution (1.0.1)
WordPress Plugin External Links-nofollow, noopener & new window Cross-Site Request Forgery (2.57)
Joomla! Core 3.x.x Multiple Cross-Site Request Forgery Vulnerabilities (3.2.0 - 3.9.15)
WordPress Plugin Pods-Custom Content Types and Fields Multiple Vulnerabilities (2.4.3)