Frame Injection Web Application Security Vulnerability
Netsparker detected frame injection, which occurs when a frame on a vulnerable web page displays another web page via a user-controllable input.
An attacker might use this vulnerability to redirect users to other malicious websites that are used for phishing and similar attacks.
- Where possible do not use users' input for URLs.
- If you definitely need dynamic URLs, make a list of valid accepted URLs and do not accept other URLs.
- Ensure that you only accept URLs which are located on accepted domains.