CAPEC 587 Cross Frame Scripting (XFS)

Draft Detailed Unknown Risk
Severity High

Description

This attack pattern combines malicious JavaScript and a legitimate webpage loaded into a concealed iframe. The malicious JavaScript is then able to interact with the legitimate webpage in a manner that is unknown to the user. This attack usually leverages some element of social engineering, in that an attacker must convince a user to visit a web page that the attacker controls.

Mitigations

Consequences

Relationships