Insecure Inline Frame
Impact: Medium
Description
When an inline frame tag (<iframe>) on a webpage references an external resource without the sandbox attribute set, it allows the external URL to manipulate the content within the frame. This can potentially trick users into performing unintended actions, such as submitting passwords or interacting with malicious content.
Recommendation
Mitigate this risk by setting the sandbox attribute for iframes that reference external URLs. The sandbox attribute provides a restricted environment for the iframe’s content, limiting its capabilities and enhancing security.
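One way to check a page against this recommendation, as an added example that is not part of the original advisory: a small Python audit that lists every iframe whose src resolves to a different origin than the page and that carries no sandbox attribute. The page URL, the hosts and the sample markup are constructed placeholders, and the function names are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def origin(url):
    """Return (scheme, host, port) with the scheme's default port filled in."""
    p = urlsplit(url)
    return (p.scheme, (p.hostname or "").lower(), p.port or DEFAULT_PORTS.get(p.scheme))

class IframeAudit(HTMLParser):
    """Collect external <iframe> sources that have no sandbox attribute."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        attr = dict(attrs)  # HTMLParser lowercases tag and attribute names
        src = (attr.get("src") or "").strip()
        if not src:
            return  # frames without src are out of scope for this check
        absolute = urljoin(self.page_url, src)  # resolves relative and //host URLs
        if urlsplit(absolute).scheme not in DEFAULT_PORTS:
            return
        external = origin(absolute) != origin(self.page_url)
        # A bare `sandbox` or sandbox="" counts: it is the most restrictive form.
        if external and "sandbox" not in attr:
            self.findings.append((self.getpos()[0], absolute))

def audit_iframes(html, page_url):
    """Return [(line, url)] for external iframes that lack sandbox."""
    parser = IframeAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page; all hosts are placeholders.
SAMPLE = """<html><body>
<iframe src="https://widgets.example.net/login"></iframe>
<iframe src="https://widgets.example.net/login" sandbox="allow-forms allow-scripts"></iframe>
<iframe src="//cdn.example.org/ad.html" SANDBOX></iframe>
<iframe src="/help/index.html"></iframe>
</body></html>"""

if __name__ == "__main__":
    for line, url in audit_iframes(SAMPLE, "https://app.example.com/account"):
        print(f"line {line}: external iframe without sandbox: {url}")
```

Only the first frame in the sample is reported; the second and third carry a sandbox attribute and the fourth is same-origin.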
Last updated on May 13, 2024