Insecure Third Party Domain Access
Last revision (mm/dd/yy): 12/13/2008
Occurs when an application includes content provided by a third-party resource and delivers it without any type of content scrubbing.
- Web servers
- Application servers
- Client Machines
- Allowing hosted content from an untrusted server into a trusted application, affecting the server, server environment, and client machine.
- No confirmation of Third Party Controls.
The following type of development uses an iframe to insert third-party hosted Flash content into a trusted application. The site hosting the content could be vulnerable to attack. As such, all content hosted on that site would be vulnerable to inheriting malicious content.
<iframe src="http://site.com/share/Action.swf" width="720" height="420" marginwidth="0" marginheight="0" scrolling="Auto" frameborder="0"></iframe>
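The following is an added example, not part of the original page: a Python audit that scans a page's HTML for embeds like the iframe above and reports those that come from a host outside an allowlist, are not fetched over HTTPS, or (for iframes) lack a `sandbox` attribute. The allowlist, the function and class names, and all sample markup other than the page's own iframe URL are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tags that pull active content into the page, and the attribute holding its URL.
EMBED_ATTRS = {"iframe": "src", "script": "src", "embed": "src", "object": "data"}

class EmbedAuditor(HTMLParser):
    """Collects (tag, url, issues) for every risky third-party embed."""

    def __init__(self, trusted_hosts):
        super().__init__()
        self.trusted_hosts = {h.lower() for h in trusted_hosts}
        self.findings = []

    def handle_starttag(self, tag, attrs):
        url_attr = EMBED_ATTRS.get(tag)
        attrs = dict(attrs)
        url = attrs.get(url_attr) if url_attr else None
        if not url:
            return
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower()
        if not host:
            return  # relative URL: served by the application itself
        issues = []
        if host not in self.trusted_hosts:
            issues.append("host is not on the reviewed allowlist")
        if parsed.scheme != "https":
            issues.append("not explicitly loaded over HTTPS")
        if tag == "iframe" and "sandbox" not in attrs:
            issues.append("iframe has no sandbox attribute")
        if issues:
            self.findings.append((tag, url, issues))

def audit_embeds(html, trusted_hosts):
    auditor = EmbedAuditor(trusted_hosts)
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample: the page's iframe, a reviewed sandboxed embed, a local script.
TRUSTED_HOSTS = {"media.example.org"}  # hypothetical allowlist of reviewed providers
SAMPLE_PAGE = """
<iframe src="http://site.com/share/Action.swf" width="720" height="420"></iframe>
<iframe src="https://media.example.org/player.html" sandbox="allow-scripts"></iframe>
<script src="/static/app.js"></script>
"""

if __name__ == "__main__":
    for tag, url, issues in audit_embeds(SAMPLE_PAGE, TRUSTED_HOSTS):
        print(f"<{tag}> {url}: " + "; ".join(issues))
```

Only the first iframe is reported, with all three issues; the sandboxed HTTPS embed from the allowlisted host and the same-origin script pass.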