CWE-942
Permissive Cross-domain Security Policy with Untrusted Domains
The product uses a web-client protection mechanism such as a Content Security Policy (CSP) or cross-domain policy file, but the policy includes untrusted domains with which the web client is allowed to communicate.
Official CWE-942 definition at MITREImpactr finds and proves weaknesses like CWE-942 in your web apps and APIs - investigating, chaining, and validating each with a reproducible exploit.
Join the waitlist