Insecure Inline Frame

Impact: Medium

Description

When an inline frame tag (<iframe>) on a webpage references an external resource without the sandbox attribute set, it allows the external URL to manipulate the content within the frame. This can potentially trick users into performing unintended actions, such as submitting passwords or interacting with malicious content.

Recommendation

Mitigate this risk by setting the sandbox attribute for iframes that reference external URLs. The sandbox attribute provides a restricted environment for the iframe’s content, limiting its capabilities and enhancing security.

References

CWE-829
MDN: The Inline Frame element

👉 You might also like:

Insecure Inline Frame

Description

Recommendation

References

Insecure Deserialization Remote Code Execution - Vulnerability

Insecure Deserialization - Vulnerability

Missing or Insecure Cache-Control Header - Vulnerability

X-Frame-Options Header is Missing - Vulnerability

Use SmartScanner Free version to test for this issue