Description
When an inline frame tag (<iframe>) on a webpage references an external resource without the sandbox attribute set, the external content is loaded with no restrictions and can control what the user sees and does inside the frame. This can be used to trick users into performing unintended actions, such as submitting passwords or interacting with malicious content.
Recommendation
Mitigate this risk by setting the sandbox attribute on every iframe that references an external URL. The sandbox attribute places the iframe's content in a restricted environment, limiting what it is allowed to do and reducing the impact of a hostile or compromised external page.
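As an added example (not part of the original page), the following Node.js script performs the check the rule describes: it scans an HTML document for <iframe> tags whose src resolves to a different origin than the site itself and that carry no sandbox attribute, then prints a hardened version of each flagged tag. The sample HTML, the site origin https://app.example and the third-party host third-party.example are constructed for the example; the attribute scanner is regex-based, so it is a lint-style check rather than a full HTML parser.

```javascript
// Constructed sample page (not from the original page): one same-origin frame,
// one external frame without sandbox (the finding), and one external frame that
// already has a restrictive sandbox.
const SAMPLE_HTML = `
<html><body>
  <iframe src="/widgets/help.html"></iframe>
  <iframe src="https://third-party.example/embed"></iframe>
  <iframe src="https://third-party.example/embed"
          sandbox="allow-scripts"></iframe>
  <iframe srcdoc="&lt;p&gt;inline&lt;/p&gt;"></iframe>
</body></html>`;

// Match each <iframe ...> opening tag and capture its attribute text.
const IFRAME_TAG = /<iframe\b([^>]*)>/gi;

// Parse the attribute text of a tag into a lower-cased name -> value map.
// Bare attributes (e.g. `sandbox` with no value) map to the empty string.
function parseAttributes(attrText) {
  const attrs = {};
  const re = /([^\s=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  let m;
  while ((m = re.exec(attrText)) !== null) {
    const name = m[1].toLowerCase();
    attrs[name] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

// True when src resolves to an origin other than siteOrigin.
// Relative URLs resolve against siteOrigin and therefore count as same-origin.
function isExternal(src, siteOrigin) {
  try {
    const url = new URL(src, siteOrigin);
    return url.origin !== new URL(siteOrigin).origin;
  } catch {
    return false; // unparsable src: nothing we can judge here
  }
}

// Core check: list external iframes that lack a sandbox attribute.
function findUnsandboxedExternalIframes(html, siteOrigin) {
  const findings = [];
  for (const match of html.matchAll(IFRAME_TAG)) {
    const attrs = parseAttributes(match[1]);
    if (!("src" in attrs)) continue;                 // srcdoc-only frames are out of scope
    if (!isExternal(attrs.src, siteOrigin)) continue; // same-origin content is not flagged
    if ("sandbox" in attrs) continue;                // any sandbox value restricts the frame
    findings.push({ src: attrs.src, tag: match[0] });
  }
  return findings;
}

// Hardened form of a flagged tag: an empty sandbox attribute applies every
// restriction; individual allow-* tokens can then be added back as needed.
function hardenIframe(tag) {
  return tag.replace(/<iframe\b/i, '<iframe sandbox=""');
}

// Demonstration run over the constructed sample.
for (const f of findUnsandboxedExternalIframes(SAMPLE_HTML, "https://app.example")) {
  console.log(`unsandboxed external iframe: ${f.src}`);
  console.log(`  suggested: ${hardenIframe(f.tag)}`);
}
```

Running the script reports only the second iframe: the first is same-origin and the third already declares a sandbox. Starting from the empty sandbox value and adding back only the allow-* tokens the embedded content genuinely needs keeps the frame as restricted as possible.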
Related Issues
- Insecure Default Configuration in redbird - Vulnerability
- Insecure Default Configuration in tesseract.js - Vulnerability
- Insecure password handling vulnerability in Strapi - CVE-2021-46440
- Insecure Direct Object Reference (IDOR) - Vulnerability
Tags: Cross-Origin Resource Sharing
Last updated on May 13, 2024