Insecure Third Party Domain Access




This vulnerability occurs when an application includes content provided by a third-party resource and delivers it without any type of content scrubbing.

Environments Affected

  • Web servers
  • Application servers
  • Client Machines

Risk Factors

  • Allowing hosted content from an untrusted server into a trusted application, which affects the server, the server environment, and the client machine.
  • No confirmation of third-party controls.


The following example is a common method of inserting third-party hosted content into a trusted application. If the hosting site is vulnerable to attack, all content delivered to the application is vulnerable to malicious changes.

<iframe src="" width="720" height="420"
marginwidth="0" marginheight="0" scrolling="Auto" frameborder="0"></iframe>
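
One way to find embeds like the one above in an application's pages, as an added example that is not part of the original page: a static audit that flags every `iframe` whose source host is outside a trusted set and that carries no `sandbox` attribute. It goes beyond the iframe case by applying the same rule to third-party `script` tags without an `integrity` (Subresource Integrity) attribute. The names `ThirdPartyAudit` and `audit`, the sample page and all host names are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page. All host names are placeholders, not from the original page.
SAMPLE_PAGE = """
<html><body>
<iframe src="https://widgets.thirdparty.example/feed" width="720" height="420"
 marginwidth="0" marginheight="0" scrolling="Auto" frameborder="0"></iframe>
<iframe src="https://widgets.thirdparty.example/feed" sandbox="allow-scripts"></iframe>
<iframe src="/local/help.html"></iframe>
<script src="//cdn.thirdparty.example/lib.js"></script>
<script src="https://cdn.thirdparty.example/lib.js"
 integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
</body></html>
"""

# Attribute that must be present on each tag when its source is a third-party host.
REQUIRED_CONTROL = {"iframe": "sandbox", "script": "integrity"}


class ThirdPartyAudit(HTMLParser):
    """Hypothetical helper: records third-party embeds that lack a browser-side control."""

    def __init__(self, trusted_hosts):
        super().__init__()
        self.trusted = {h.lower() for h in trusted_hosts}
        self.findings = []  # (line, tag, host, reason)

    def handle_starttag(self, tag, attrs):
        control = REQUIRED_CONTROL.get(tag)
        if control is None:
            return
        attrs = dict(attrs)
        host = (urlparse((attrs.get("src") or "").strip()).hostname or "").lower()
        if not host or host in self.trusted:
            return  # relative/empty src or an explicitly trusted host
        if control not in attrs:
            line = self.getpos()[0]
            self.findings.append((line, tag, host, f"no {control} attribute"))


def audit(html, trusted_hosts):
    """Return findings for every untrusted-host iframe/script missing its control."""
    parser = ThirdPartyAudit(trusted_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    for line, tag, host, reason in audit(SAMPLE_PAGE, {"www.example.com"}):
        print(f"line {line}: <{tag}> from {host}: {reason}")
```

The check only confirms that a control is present; the `sandbox` tokens granted to each frame still need review against what the embedded content actually requires.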




