Add window.name= %buster% to prevent UI redressing #2966
Labels
c: Security
For issues that make Matomo more secure. Please report issues through HackerOne and not in Github.
Task
Indicates an issue is neither a feature nor a bug and it's purely a "technical" change.
Milestone
This is a best practise/non critical issue, which was reported by Marcus Niemietz, a Web security researcher at the
Ruhr-University Bochum in Germany.
See the attached video for a demo of the hack. It requires a bit of user interaction.
The text was updated successfully, but these errors were encountered: