Frame Injection Web Application Security Vulnerability

Netsparker detected frame injection, which occurs when a frame on a vulnerable web page displays another web page via a user-controllable input.

Impact

An attacker might use this vulnerability to redirect users to other malicious websites that are used for phishing and similar attacks.

Remedy

  • Where possible, do not use user input for URLs.
  • If you definitely need dynamic URLs, make a list of valid accepted URLs and do not accept other URLs.
  • Ensure that you only accept URLs which are located on accepted domains.
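
One way to apply the last two points on the server before a value is written into a frame's src, shown as an added example (not Netsparker's code). The hosts, URLs, base address and the function name safeFrameSrc are constructed for illustration.

```javascript
// Added example: allowlist validation for a URL destined for a frame's src.
// Every host and URL below is a constructed placeholder.
const BASE = "https://app.example.com/";           // assumed origin of the page
const ALLOWED_URLS = new Set([                     // exact URLs accepted as-is
  "https://partner.example.net/widget",
]);
const ALLOWED_HOSTS = new Set([                    // domains we serve ourselves
  "app.example.com",
  "static.example.com",
]);

// Returns the normalized URL to use as the frame source, or null to reject.
function safeFrameSrc(input) {
  if (typeof input !== "string" || input === "") return null;

  let url;
  try {
    // Parse with the same WHATWG rules a browser uses, so "//host/..." and
    // "https:\\host" resolve here exactly as they would in the frame.
    url = new URL(input, BASE);
  } catch {
    return null;                                   // unparsable input
  }

  // Only https; this also rejects javascript:, data: and similar schemes.
  if (url.protocol !== "https:") return null;
  // "https://trusted@other-host/" carries the trusted name as userinfo only.
  if (url.username !== "" || url.password !== "") return null;
  // Default port only (an explicit :443 is normalized to "").
  if (url.port !== "") return null;

  // Compare the parsed, lowercased hostname by exact match, never by
  // substring or prefix, so "app.example.com.other.test" does not pass.
  if (ALLOWED_URLS.has(url.href)) return url.href;
  if (ALLOWED_HOSTS.has(url.hostname)) return url.href;
  return null;
}

// Constructed inputs: the first two are accepted, the rest are rejected.
for (const sample of [
  "/help/faq.html",
  "https://partner.example.net/widget",
  "//other.example.org/login",
  "https://app.example.com@other.example.org/",
  "https://app.example.com.other.example.org/",
]) {
  console.log(sample, "->", safeFrameSrc(sample));
}
```

Emit the returned value, not the original input, into the page, so the frame loads exactly the URL that was checked.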
