Variant (status: Incomplete)

CWE-942: Permissive Cross-domain Security Policy with Untrusted Domains

Category: other

Description

The product uses a web-client protection mechanism such as a Content Security Policy (CSP) or cross-domain policy file, but the policy includes untrusted domains with which the web client is allowed to communicate.

Common consequences (1)

  • Confidentiality / Integrity / Availability / Access Control — Execute Unauthorized Code or Commands, Bypass Protection Mechanism, Read Application Data, Varies by Context
    With an overly permissive policy file, an attacker may be able to bypass the web browser's same-origin policy and conduct many of the same attacks seen in Cross-Site Scripting (CWE-79). An attacker can exploit the weakness to transfer private information from the victim's machine to the attacker, manipulate or steal cookies that may include session information, create malicious requests to a web site on behalf of the victim, or execute malicious code on end-user systems. Other damaging attacks include the disclosure of end-user files, installation of Trojan horse programs, redirecting the user to some other page or site, running ActiveX controls (under Microsoft Internet Explorer) from sites that a user perceives as trustworthy, and modifying the presentation of content.

Potential mitigations (3)

  • [Architecture and Design, Operation] Define a restrictive Content Security Policy [REF-1486] or cross-domain policy file.
  • [Architecture and Design, Operation] Avoid using wildcards in the CSP / cross-domain policy file. Any domain matching the wildcard expression will be implicitly trusted, and can perform two-way interaction with the target server.
  • [Architecture and Design, Operation] For Flash, modify crossdomain.xml to use meta-policy options such as 'master-only' or 'none' to reduce the possibility of an attacker planting extraneous cross-domain policy files on a server.
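As an added example (not from MITRE or this page's curator), a small Python audit that checks a CSP header and a Flash crossdomain.xml against the three mitigations above: wildcard sources, hosts outside an allowlist, and a meta-policy other than 'master-only' or 'none'. The allowlist and the sample header and policy file are constructed for the demonstration.

```python
import xml.etree.ElementTree as ET

TRUSTED_HOSTS = {"cdn.example.com", "api.example.com"}  # constructed allowlist of hosts the app really needs
CSP_KEYWORDS = {"self", "none", "unsafe-inline", "unsafe-eval", "strict-dynamic"}
HASH_PREFIXES = ("nonce-", "sha256-", "sha384-", "sha512-")

def _host_of(source: str) -> str:  # https://cdn.example.com:443/js -> cdn.example.com
    host = source.split("//", 1)[1] if "//" in source else source
    return host.split("/", 1)[0].rsplit(":", 1)[0].lower()

def audit_csp(header: str, trusted: set = TRUSTED_HOSTS) -> list:
    """Flag CSP sources that are wildcards, whole schemes, or hosts outside the allowlist."""
    findings = []
    for directive in header.split(";"):
        name, *sources = directive.split() or [""]
        for src in sources:
            token = src.strip("'")
            if token.lower() in CSP_KEYWORDS or token.startswith(HASH_PREFIXES):
                continue  # keywords, nonces and hashes name no domain
            host = _host_of(token)
            if token.endswith(":") and "//" not in token:
                findings.append(f"{name}: scheme-wide source {token} (any origin on that scheme)")
            elif "*" in host:
                findings.append(f"{name}: wildcard source {token}")
            elif host not in trusted:
                findings.append(f"{name}: untrusted host {host}")
    return findings

def audit_crossdomain(xml_text: str, trusted: set = TRUSTED_HOSTS) -> list:
    """Flag a permissive Flash meta-policy and wildcard or untrusted domains."""
    findings = []
    root = ET.fromstring(xml_text)
    for ctl in root.iter("site-control"):
        policy = ctl.get("permitted-cross-domain-policies", "")
        if policy not in ("master-only", "none"):  # the meta-policy values the mitigation recommends
            findings.append(f"site-control: meta-policy '{policy}' honours extra policy files")
    for rule in root.iter("allow-access-from"):
        domain = rule.get("domain", "")
        if "*" in domain:
            findings.append(f"allow-access-from: wildcard domain {domain}")
        elif domain.lower() not in trusted:
            findings.append(f"allow-access-from: untrusted domain {domain}")
    return findings

# Constructed samples: a permissive header and policy file, and the restrictive CSP the mitigation asks for.
WEAK_CSP = "default-src 'self' *; script-src 'self' https://cdn.example.com https://*.ads.example.net; img-src https:"
STRICT_CSP = "default-src 'self'; script-src 'self' https://cdn.example.com; connect-src https://api.example.com"
WEAK_CROSSDOMAIN = """<cross-domain-policy><site-control permitted-cross-domain-policies="all"/>
  <allow-access-from domain="*"/><allow-access-from domain="partner.example.org"/>
</cross-domain-policy>"""
```

`audit_csp(WEAK_CSP)` reports the bare `*`, the `*.ads.example.net` wildcard and the scheme-wide `https:`, while `audit_csp(STRICT_CSP)` returns an empty list.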

References

  1. https://cwe.mitre.org/data/definitions/942.html

Incoming relationships (18)

Type           Target          Confidence  Tier
Vulnerability  CVE-2025-13017  0%          live
Vulnerability  CVE-2025-13019  0%          live
Vulnerability  CVE-2025-27909  0%          live
Vulnerability  CVE-2025-43480  0%          live
Vulnerability  CVE-2025-4839   0%          live
Vulnerability  CVE-2026-1181   0%          live
Vulnerability  CVE-2026-22812  0%          live
Vulnerability  CVE-2026-28792  0%          live
Vulnerability  CVE-2026-30924  0%          live
Vulnerability  CVE-2026-32610  0%          live
Vulnerability  CVE-2026-33010  0%          live
Vulnerability  CVE-2026-33043  0%          live
Vulnerability  CVE-2026-34227  0%          live
Vulnerability  CVE-2026-34449  0%          live
Vulnerability  CVE-2026-41056  0%          live
Vulnerability  CVE-2026-44184  0%          live
Vulnerability  CVE-2026-5302   0%          live
Vulnerability  CVE-2026-8948   0%          live

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Reliance on Cookies without Validation and Integrity Checking
  • CWE: Improper Access Control
  • CWE: Insufficiently Protected Credentials
  • CWE: Missing Origin Validation in WebSockets
  • CWE: Weak Authentication
  • CWE: Sensitive Cookie Without 'HttpOnly' Flag

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.