Description

This script is possibly vulnerable to Cross Frame Scripting (XFS) attacks.

This is an attack technique used to trick a user into thinking that fake web site content is legitimate data.

Remediation

Your script should filter metacharacters from user input.

References

Cross Frame Scripting

Related Vulnerabilities

WordPress Plugin Alert Before Your Post Cross-Site Scripting (0.1.1)

WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery Cross-Site Scripting (1.5.68)

WordPress Plugin Registration Forms-User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction Cross-Site Scripting (3.7.2.2)

WordPress Plugin Game Server Status Multiple Vulnerabilities (1.0)

WordPress Plugin Genesis Simple Share Cross-Site Scripting (1.0.6)

Severity

Medium

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

XFS