Variant · Incomplete

CWE-830: Inclusion of Web Functionality from an Untrusted Source

Category: other

Description

The product includes web functionality (such as a web widget) from another domain, which causes it to operate within the domain of the product, potentially granting total access and control of the product to the untrusted source.

Common consequences · 1

  • Confidentiality / Integrity / Availability — Execute Unauthorized Code or Commands

References

  1. https://cwe.mitre.org/data/definitions/830.html

(incoming) · 1

Type | Target | Confidence | Tier
Vulnerability | CVE-2025-64496 (cve-2025-64496) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Inclusion of Functionality from Untrusted Control Sphere
  • CWE: Permissive Cross-domain Security Policy with Untrusted Domains
  • CWE: Download of Code Without Integrity Check
  • CWE: Improper Control of Resource Identifiers ('Resource Injection')
  • CWE: Exposure of Sensitive Information to an Unauthorized Actor
  • CWE: Exposure of Resource to Wrong Sphere

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.