Description

This script is possibly vulnerable to Cross Frame Scripting (XFS) attacks.

This is an attack technique used to trick a user into thinking that fake web site content is legitimate data.

Remediation

Your script should filter metacharacters from user input.

References

Cross Frame Scripting

Related Vulnerabilities

WordPress Plugin eCommerce Product Catalog for WordPress Cross-Site Scripting (3.0.38)

WordPress Plugin CalendApp Cross-Site Scripting (1.1)

WordPress Plugin Custom Post Type UI 'wp-admin/admin.php' Cross-Site Scripting (0.7)

WordPress Plugin Simple Matted Thumbnails Cross-Site Scripting (1.01)

WordPress Plugin Scoutnet Kalender Cross-Site Scripting (1.1.0)

Severity

Medium

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

XFS