Report #33046

Cross-Site Window Control Allows an Attacker to Control Navigations

Immunefi Response

Unfortunately, after reviewing your report, Immunefi has decided to close it due to the assessed impact being out of scope.

Immunefi review:

• The claimed impact Redirecting users to malicious websites by the whitehat is in the scope of the bug bounty program but the assessed impact doesn't match with the claimed impact for the following reasons.
• After the review, we determined that the described issue falls out of scope because it requires the victim to visit an attacker-controlled malicious website that performs the redirect, rather than the asset in scope performing the redirect. Therefore, the issue is not applicable.
• assessed asset by the triage team is in scope for the bug bounty program
• PoC has been submitted to the project

Please note that the project will receive a report of the closed submission and may choose to re-open it, but they are not obligated to do so.