Cross Frame Scripting

Cross Frame Scripting (XFS) hides a legitimate website in an iframe. User unknowingly interacts with the iframe white interacting with the UI from another domain.

Remediation

Configure Content Security Policy and disallow framing.

Metadata

Severity: low
Slug: cross-frame-scripting

CWEs

1021: Improper Restriction of Rendered UI Layers or Frames

OWASP

A05:2021: Security Misconfiguration

Available Labs

Open Typescript labs in SecDim Play for this vulnerability.

medium

CSP.ts

TypeScript Medium Signature

Play AppSec WarGames

Want to skill-up in secure coding and AppSec? Try SecDim Wargames to learn how to find, hack and fix security vulnerabilities inspired by real-world incidents.

For Companies Play Now

Got a comment?

Join our secure coding and AppSec community. A discussion board to share and discuss all aspects of secure programming, AppSec, DevSecOps, fuzzing, cloudsec, AIsec code review, and more.