CWE-830
Inclusion of Web Functionality from an Untrusted Source
The product includes web functionality (such as a web widget) from another domain, which causes it to operate within the domain of the product, potentially granting total access and control of the product to the untrusted source.
Official CWE-830 definition at MITREImpactr finds and proves weaknesses like CWE-830 in your web apps and APIs - investigating, chaining, and validating each with a reproducible exploit.
Join the waitlist