CWE-830: Inclusion of Web Functionality from an Untrusted Source

Variant Incomplete Simple

CWE版本: 4.18

更新日期: 2025-09-09

弱点描述

The product includes web functionality (such as a web widget) from another domain, which causes it to operate within the domain of the product, potentially granting total access and control of the product to the untrusted source.

常见后果

影响范围: Confidentiality Integrity Availability

技术影响: Execute Unauthorized Code or Commands

引入模式

阶段 说明
Implementation REALIZATION: This weakness is caused during implementation of an architectural security tactic.
关键信息

CWE ID: CWE-830

抽象级别: Variant

结构: Simple

状态: Incomplete

相关弱点
ChildOf CWE-829

Inclusion of Functionality from Untrusted Control Sphere

Base
返回列表