Description

This script is possibly vulnerable to Cross Frame Scripting (XFS) attacks.

This is an attack technique used to trick a user into thinking that fake web site content is legitimate data.

Remediation

Your script should filter metacharacters from user input.

References

Cross Frame Scripting

Related Vulnerabilities

WordPress Plugin Page Builder by SiteOrigin Cross-Site Scripting (2.0.4)

WordPress Plugin Event Organiser Cross-Site Scripting (2.12.4)

Drupal Core 4.5.x Cross-Site Scripting (4.5.0 - 4.5.5)

WordPress Plugin Migration, Backup, Staging-WPvivid Cross-Site Scripting (0.9.55)

WordPress Plugin S3 Video Cross-Site Scripting (0.983)

Severity

Medium

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

XFS