Download Netsparker
Pricing
Blog
Contact
Netsparker

Open Policy Crossdomain.xml File Detected

Netsparker detected an open policy Crossdomain.xml file.

Impact

Open policy Crossdomain.xml file allows other SWF files to make HTTP requests to your web server and see its response. This can be used for accessing one time tokens and CSRF nonces to bypass CSRF restrictions.

Remedy

Configure your Crossdomain.xml to prevent access from everywhere to your domain.

External References


Go back to the Complete list of Vulnerability Checks.