Insecure Inline Frame
Impact: Medium
Description
An inline frame tag (iframe
) on the page refers to an external resource, and no sandbox
is set. This allows the external URL to trick users into doing unwanted actions like submitting passwords.
Recommendation
Set sandbox
attribute for iframes with external URL.
References
👉 You might also like:
X-Frame-Options Header is Missing - Vulnerability
Insecure Deserialization Remote Code Execution - Vulnerability
Insecure Deserialization - Vulnerability
Missing or Insecure Cache-Control Header - Vulnerability
Last updated on February 15, 2023