Description

This script is possibly vulnerable to Cross Frame Scripting (XFS) attacks.

This is an attack technique used to trick a user into thinking that fake web site content is legitimate data.

Remediation

Your script should filter metacharacters from user input.

References

Cross Frame Scripting

Related Vulnerabilities

WordPress Plugin WP Banners Lite Cross-Site Scripting (1.40)

WordPress Plugin Real Media Library:Media Library Folder & File Manager Cross-Site Scripting (4.18.28)

WordPress Plugin WP-DownloadManager Cross-Site Scripting (1.67)

WordPress Plugin FV Flowplayer Video Player Cross-Site Scripting (6.0.3.3)

WordPress Plugin Contact Form Clean and Simple Cross-Site Scripting (4.7.0)

Severity

Medium

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

XFS