JSONP Injection
high Web Application Scanning Plugin ID 112805
Synopsis
JSONP InjectionDescription
JSONP (JSON with Padding) is a JavaScript technique that allows you to query data from a server without worrying about cross-domain issues by using the tag scripts rather than the XMLHttpRequest object and thus not worrying about the browser's same-origin-policy restrictions. Due to the nature of JSONP not to apply origin control, depending on the server's response to the request, this feature can be abused by an attacker to steal sensitive information from the user and in some cases, also lead to arbitrary JavaScript code execution (Cross-Site Scripting).Solution
It is not recommended to use JSONP for sensitive endpoints because JSONP is designated by default to bypass the same-origin-policy. It is better to use the CORS mechanism with a strict control on the origin of the request.See Also
https://securitycafe.ro/2017/01/18/practical-jsonp-injection/
Plugin Details
Severity: High
ID: 112805
Type: remote
Family: Web Applications
Published: 6/14/2021
Updated: 11/26/2021
Scan Template: scan, pci, api
Risk Information
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS Score Source: Tenable
CVSS v3
Risk Factor: High
Base Score: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
CVSS Score Source: Tenable
Reference Information
CWE: 829
WASC: Application Misconfiguration
HIPAA: 164.306(a)(1), 164.306(a)(2)
CAPEC: 175, 201, 228, 251, 252, 253, 263, 549, 660
DISA STIG: APSC-DV-002630
OWASP: 2010-A6, 2013-A5, 2017-A6, 2021-A8
OWASP API: 2019-API7
OWASP ASVS: 4.0.2-12.3.6
PCI-DSS: 3.2-6.5.8
ISO: 27001-A.14.2.5
NIST: sp800_53-SI-10(5)