CAPEC-500: WebView Injection

Abstraction: Detailed
Status: Draft

Description

An adversary, through a previously installed malicious application, injects code into the context of a web page displayed by a WebView component. Through the injected code, the adversary can manipulate the DOM tree and cookies of the page, expose sensitive information, and launch attacks against the web application from within the web page.

Related weaknesses · 2

CWE-749, CWE-940

Related attack patterns · 1

CAPEC-253 (ChildOf)

Exploits · 2

| Type | Target | Confidence | Tier |
| --- | --- | --- | --- |
| Weakness | Improper Verification of Source of a Communication Channel (cwe-940) | 100% | live |
| Weakness | Exposed Dangerous Method or Function (cwe-749) | 100% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: WebView Exposure
CAPEC: Android Activity Hijack
CAPEC: Code Injection
CAPEC: DOM-Based XSS
CAPEC: Exploit Script-Based APIs
CAPEC: Code Inclusion

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.