🚀 Join our AI Wargame at Black Hat Asia and our Workshop + Wargame at NDC Sydney .

Cross Frame Scripting

Cross Frame Scripting (XFS) hides a legitimate website in an iframe. User unknowingly interacts with the iframe white interacting with the UI from another domain.

Remediation

Configure Content Security Policy and disallow framing.

Metadata

  • Severity: low
  • Slug: cross-frame-scripting

CWEs

  • 1021: Improper Restriction of Rendered UI Layers or Frames

OWASP

  • A05:2021: Security Misconfiguration

Available Labs

Open Javascript labs in SecDim Play for this vulnerability.

Try it yourself

Find, Hack and Fix Your First Vulnerability

Reading about security bugs is one thing — fixing one is how the skill sticks. Play a free challenge from the wargame, no setup required.