360 – Clickjacking
Description
The application can be embedded in malicious iframes, allowing an attacker to hijack the user's clicks and perform actions without the user's consent.
Impact
Hijack the user's clicks to execute unintended actions.
Recommendation
Set the frame-ancestors policy in the Content Security Policy using a secure configuration.
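A small check for the recommendation above, written as an added example for this entry (not code from the page or any project): it parses a response's Content-Security-Policy and reports whether frame-ancestors is missing, permissive or restrictive. The header dictionaries and sample values are constructed for illustration.

```python
# Added example (not from the page or any project): decide whether a
# response's Content-Security-Policy restricts who may frame the page.
# The header dictionaries and sample responses below are constructed.

def parse_csp(header: str) -> dict:
    """Split a CSP header value into {directive_name: [source expressions]}."""
    policy = {}
    for part in header.split(";"):
        tokens = part.strip().split()
        if not tokens:
            continue
        name, sources = tokens[0].lower(), tokens[1:]
        # CSP keeps only the first occurrence of a directive; later copies are ignored
        policy.setdefault(name, sources)
    return policy


def frame_ancestors_verdict(headers: dict) -> str:
    """Return 'secure', 'weak' or 'vulnerable' for the framing policy of a response."""
    # Only the enforcing header counts; Content-Security-Policy-Report-Only blocks nothing
    csp = next((v for k, v in headers.items()
                if k.lower() == "content-security-policy"), None)
    if csp is None:
        return "vulnerable"
    sources = parse_csp(csp).get("frame-ancestors")
    if sources is None:
        return "vulnerable"  # directive absent: any origin may embed the page
    normalized = [s.lower() for s in sources]
    if normalized == ["'none'"]:
        return "secure"      # nobody may frame the page
    for src in normalized:
        # A bare wildcard or a scheme-only source lets arbitrary origins frame the page
        if src == "*" or src in ("http:", "https:", "data:", "blob:"):
            return "weak"
    # Remaining sources are 'self' and/or explicit origins
    return "secure"


# Constructed sample responses and the verdict each should get
SAMPLES = [
    ({}, "vulnerable"),
    ({"Content-Security-Policy": "default-src 'self'"}, "vulnerable"),
    ({"Content-Security-Policy": "frame-ancestors *"}, "weak"),
    ({"Content-Security-Policy": "frame-ancestors 'self' https://partner.example"}, "secure"),
    ({"Content-Security-Policy": "frame-ancestors 'none'; default-src 'self'"}, "secure"),
]

if __name__ == "__main__":
    for hdrs, expected in SAMPLES:
        print(f"{frame_ancestors_verdict(hdrs):10} (expected {expected}) {hdrs}")
```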
Threat
Anonymous attacker from Internet.
Expected Remediation Time
Score 4.0
Default score using CVSS 4.0. It may change depending on the context of the src.
Base 4.0
- Attack vector: N
- Attack complexity: L
- Attack Requirements: N
- Privileges required: N
- User interaction: A
- Confidentiality (VC): N
- Integrity (VI): L
- Availability (VA): N
- Confidentiality (SC): N
- Integrity (SI): N
- Availability (SA): N
Threat 4.0
- Exploit maturity: A