| Details | |
|---|---|
| Alert ID | 210012-2 |
| Alert Type | Tool |
| Status | alpha |
| Risk | Medium |
| CWE | 451 |
| WASC | |
| Technologies Targeted | All |
| Tags |
CWE-451 OWASP_2021_A01 OWASP_2025_A01 TOOL_PTK |
Summary
Tainted HTML assigned to iframe.srcdoc, enabling DOM-based XSS inside the frame.
Generated by OWASP PTK IAST Module
Solution
• Allow-list iframe targets and avoid writing untrusted URLs to iframe.src/srcdoc. • Use sandbox attributes where possible.Other Info
References
- https://owasp.org/www-community/attacks/Clickjacking
- https://cwe.mitre.org/data/definitions/451.html