Description

Manual confirmation is required for this alert.

Same Origin Method Execution (SOME) is a web application attack which abuses callback endpoints by forcing a victim into executing arbitrary scripting methods of any page on the endpoint's domain.

Remediation

Same Origin Method Execution (SOME) can be mitigated using static callbacks, a white-list approach or cross-domain messaging. Consult Web references for more information about Mitigation and Fix.

References

Same origin method execution (SOME)

Same Origin Method Execution (BlackHat EU2014)

Related Vulnerabilities

Joomla Improper Input Validation Vulnerability (CVE-2013-5576)

Squid Improper Input Validation Vulnerability (CVE-2016-2572)

RubyGems Improper Input Validation Vulnerability (CVE-2017-0900)

PHP preg_replace used on user input

Joomla Improper Input Validation Vulnerability (CVE-2006-4468)

Severity

Medium

Classification

CWE-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Abuse Of Functionality