CAPEC-587: Cross Frame Scripting (XFS)

This attack pattern combines malicious Javascript and a legitimate webpage loaded into a concealed iframe. The malicious Javascript is then able to interact with a legitimate webpage in a manner that is unknown to the user. This attack usually leverages some element of social engineering in that an attacker must convinces a user to visit a web page that the attacker controls.

High

Typical severity

Per MITRE

Not rated

Likelihood of attack

Per MITRE

Related weaknesses

CWEs this targets

Detailed

Abstraction

MITRE classification

Overview

CAPEC-587 (Cross Frame Scripting (XFS)) is a detailed-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.

CAPEC-587: Cross Frame Scripting (XFS)

Overview

What the attacker needs

Prerequisites

Consequences

How to mitigate it

Examples

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CAPEC-587?

How do you prevent CAPEC-587?

What weaknesses does CAPEC-587 target?

How severe is CAPEC-587?

References

Defend against CAPEC-587

Overview

What the attacker needs

Prerequisites

Consequences

How to mitigate it

Examples

Related weaknesses

Related attack patterns

Parent

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CAPEC-587?

How do you prevent CAPEC-587?

What weaknesses does CAPEC-587 target?

How severe is CAPEC-587?

References

Defend against CAPEC-587