Documentation Index
Fetch the complete documentation index at: https://docs.codeant.ai/llms.txt
Use this file to discover all available pages before exploring further.
swift-webview-xss
swift-webview-xss
Potential cross site scripting (XSS) occurs due to untrusted input being loaded into a WebView. The impact of such issues can vary depending on the features, permissions and exposure of data & functionality that the WebView contains. For example, in some applications the presence of JavaScript bridges may allow for the instrumentation of application code, and potentially arbitrary code execution in the context of the app. In other instances, it may be possible to manipulate the DOM to redraw the UI and phish users, or conduct other typical XSS attacks.
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- CWE-79:Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
OWASP:
- A07:2017 - Cross-Site Scripting (XSS)
- A03:2021 - Injection
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- CWE-79:Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
OWASP:
- A07:2017 - Cross-Site Scripting (XSS)
- A03:2021 - Injection