Insecure Third Party Domain Access


Occurs when an application contains content provided from a 3rd party resource that is delivered without any type of content scrub.

Environments Affected

  • Web servers
  • Application servers
  • Client Machines

Risk Factors

  • Allowing hosted content from an untrusted server into a trusted application: affecting the server, server environment, and client machine.
  • No confirmation of Third Party Controls.


This following example is a common method to insert third party hosted content into a trusted an application. If the hosting site is vulnerable to attack, all content delivered to an application would be vulnerable malicious changes.

<iframe src="" width="720" height="420"
        marginwidth="0" marginheight="0" scrolling="Auto" frameborder="0">