Reverse Tabnabbing issue with API Developer Portal


Article ID: 189928


Updated On:


CA API Developer Portal


According to some ethical hackers, the API Portal is not fully protected against reverse tabnabbing.

In the example, the 'play video' link points to an external URL using target="_blank" but does not provide rel="noopener".


Release : 4.x

Component : API PORTAL


We have examined the issue and concluded that all the URLs pointing to the external domain are either pointing to our or domain, both of which are owned by Broadcom.
This is by design: they are references to our support pages, community pages, documentation, and some of our static resources such as videos.

We do not see this as a security issue and hence would not be able to publish any CVE for this.
We will add this as a bug in our backlog for the portal to address this concern.
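
The check described in the issue (an external link with target="_blank" and no rel="noopener") can be automated when reviewing portal pages or customized templates. The following is an added example, not Broadcom's code and not part of the original article; the function names and the example.com / example.net links are constructed for illustration.

```javascript
// Audit links for the missing rel="noopener" described in the issue.
// A link is any object with href, target and rel: an HTMLAnchorElement in a
// browser, or a plain object elsewhere. All names here are hypothetical.

function relTokens(rel) {
  return (rel || "").toLowerCase().split(/\s+/).filter(Boolean);
}

// noreferrer implies noopener per the HTML spec, so either token is enough.
function isProtected(rel) {
  const tokens = relTokens(rel);
  return tokens.includes("noopener") || tokens.includes("noreferrer");
}

// Return the rel value with noopener added, keeping the existing tokens.
function hardenRel(rel) {
  const tokens = relTokens(rel);
  if (!isProtected(rel)) tokens.push("noopener");
  return tokens.join(" ");
}

// List links that open a new tab on another origin without protection.
function findUnsafeBlankLinks(links, pageUrl) {
  const pageOrigin = new URL(pageUrl).origin;
  const findings = [];
  for (const link of links) {
    // The _blank keyword is matched case-insensitively by browsers.
    if ((link.target || "").toLowerCase() !== "_blank") continue;
    let dest;
    try {
      dest = new URL(link.href, pageUrl); // resolves relative hrefs
    } catch {
      continue; // unparsable href, nothing to open
    }
    if (!/^https?:$/.test(dest.protocol)) continue; // skip mailto:, tel:, ...
    if (dest.origin === pageOrigin) continue;       // same-origin target
    if (isProtected(link.rel)) continue;
    findings.push({ href: dest.href, suggestedRel: hardenRel(link.rel) });
  }
  return findings;
}

// Constructed sample links on placeholder domains (not taken from the portal).
const SAMPLE_LINKS = [
  { href: "https://videos.example.net/intro", target: "_blank", rel: "" },
  { href: "https://docs.example.net/guide", target: "_blank", rel: "noopener" },
  { href: "/apis", target: "_blank", rel: "" },
  { href: "https://community.example.net/", target: "_BLANK", rel: "nofollow" },
  { href: "https://support.example.net/", target: "", rel: "" },
];
console.log(findUnsafeBlankLinks(SAMPLE_LINKS, "https://portal.example.com/home"));
```

In a browser console the same function accepts `Array.from(document.links)` and `location.href` as its arguments.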