Description

This script is possibly vulnerable to Cross Frame Scripting (XFS) attacks.

This is an attack technique used to trick a user into thinking that fake web site content is legitimate data.

Remediation

Your script should filter metacharacters from user input.

References

Cross Frame Scripting

Related Vulnerabilities

WordPress Plugin Border Loading Bar Multiple Cross-Site Scripting Vulnerabilities (1.0)

WordPress Plugin XO Event Calendar Cross-Site Scripting (2.3.6)

WordPress Plugin WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) Multiple Vulnerabilities (7.5.14)

WordPress Plugin Best Image Gallery & Responsive Photo Gallery-FooGallery Cross-Site Scripting (1.9.24)

WordPress Plugin WP Fastest Cache Multiple Vulnerabilities (0.8.5.8)

Severity

Medium

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

XFS