Description

Manual confirmation is required for this alert.

Same Origin Method Execution (SOME) is a web application attack which abuses callback endpoints by forcing a victim into executing arbitrary scripting methods of any page on the endpoint's domain.

Remediation

Same Origin Method Execution (SOME) can be mitigated using static callbacks, a white-list approach or cross-domain messaging. Consult Web references for more information about Mitigation and Fix.

References

Same origin method execution (SOME)

Same Origin Method Execution (BlackHat EU2014)

Related Vulnerabilities

PHP Improper Input Validation Vulnerability (CVE-2007-2509)

Deserialization of Untrusted Data (Java JSON Deserialization) Jackson

SharePoint Improper Input Validation Vulnerability (CVE-2020-1025)

WordPress Plugin Flamingo CSV Injection (2.1)

Squid Improper Input Validation Vulnerability (CVE-2020-8517)

Severity

Medium

Classification

CWE-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Abuse Of Functionality