Description
The web page was found to be using an Inline Frame ("iframe") to embed a resource, such as a different web page. The Inline Frame is either configured insecurely, or not as securely as expected. This vulnerability alert is based on the origin of the embedded resource and the iframe's sandbox attribute, which can be used to apply security restrictions as well as exceptions to these restrictions.
Remediation
Review the iframe's purpose and environment, and use the sandbox attribute to secure the iframe while applying sandbox directives to ease security restrictions if necessary.
References
Related Vulnerabilities
CKEditor Inclusion of Functionality from Untrusted Control Sphere Vulnerability (CVE-2021-26272)
PHP undefined Safe_Mode_Include_Dir safemode bypass vulnerability
MyBB Inclusion of Functionality from Untrusted Control Sphere Vulnerability (CVE-2018-1000502)
PHP allow_url_fopen Is Enabled
Magento Inclusion of Functionality from Untrusted Control Sphere Vulnerability (CVE-2019-8154)