
CAPEC-587: Cross Frame Scripting (XFS)

Abstraction: Detailed
Status: Draft
Severity: High

Description

This attack pattern combines malicious JavaScript and a legitimate webpage loaded into a concealed iframe. The malicious JavaScript is then able to interact with the legitimate webpage in a manner that is unknown to the user. This attack usually leverages some element of social engineering, in that an attacker must convince a user to visit a web page that the attacker controls.

Related weaknesses· 1

CWE-1021

Related attack patterns· 1

CAPEC-103 (ChildOf)

Exploits · 1

Type | Target | Confidence | Tier
Weakness | Improper Restriction of Rendered UI Layers or Frames (cwe-1021) | 100% | live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: Cross-Site Scripting (XSS)
CAPEC: Reflected XSS
CAPEC: Cross Site Request Forgery
CAPEC: Cross-Site Flashing
CAPEC: iFrame Overlay
CAPEC: Cross Zone Scripting

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.