An attacker targets a system that uses JavaScript Object Notation (JSON) as a transport mechanism between the client and the server (common in Web 2.0 systems using AJAX) to steal possibly confidential information transmitted from the server back to the client inside the JSON object. The attack takes advantage of a loophole in the browser's Same Origin Policy, which does not prohibit JavaScript from one website from being included and executed in the context of another website.

https://capec.mitre.org/data/definitions/111.html
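As an added defender-side example (not part of the CAPEC entry or of CVEdetails), the standard mitigations for this pattern in framework-independent JavaScript: reject requests that a cross-site `<script src>` include could have produced, never return a bare top-level array, and prepend an unparseable prefix that the legitimate client strips. The request object shape and the `https://app.example` origin are assumptions for the example.

```javascript
// Added example, not code from CAPEC or CVEdetails. Assumed request shape:
// { method, headers: { <lowercased header name>: value } }.

// Prefix that is a JavaScript syntax error, so a cross-site <script> include
// that manages to load the response cannot execute it.
const ANTI_HIJACK_PREFIX = ")]}',\n";

// Would this response body run if a third-party page loaded it via <script src>?
// Compiles (never runs) the text as a function body to answer that.
function parsesAsScript(text) {
  try { new Function(text); return true; } catch (e) { return false; }
}

// Decide whether a request for sensitive JSON may be served.
function isTrustedJsonRequest(req, allowedOrigin) {
  const h = req.headers;
  // A <script src> load cannot attach a custom header; XMLHttpRequest/fetch can.
  if (h['x-requested-with'] !== 'XMLHttpRequest') return false;
  // Modern browsers label cross-site loads; only same-origin (or direct) is allowed.
  const site = h['sec-fetch-site'];
  if (site !== undefined && site !== 'same-origin' && site !== 'none') return false;
  // If an Origin header is present it must be our own (assumed value passed in).
  const origin = h['origin'];
  if (origin !== undefined && origin !== allowedOrigin) return false;
  return true;
}

// A bare array literal is a valid script; an object literal body is not.
// Wrap arrays in an object and add the prefix so neither form is executable.
function serializeProtectedJson(data) {
  const body = Array.isArray(data) ? { data } : data;
  return ANTI_HIJACK_PREFIX + JSON.stringify(body);
}

// Client-side counterpart: strip the prefix before parsing.
function parseProtectedJson(text) {
  if (!text.startsWith(ANTI_HIJACK_PREFIX)) throw new Error('missing anti-hijack prefix');
  return JSON.parse(text.slice(ANTI_HIJACK_PREFIX.length));
}

// Endpoint handler combining the checks: 403 for untrusted requests,
// otherwise a protected JSON body.
function handleJsonRequest(req, allowedOrigin, data) {
  if (!isTrustedJsonRequest(req, allowedOrigin)) return { status: 403, body: '' };
  return { status: 200, contentType: 'application/json', body: serializeProtectedJson(data) };
}
```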

Related CWE definitions

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
The product does not properly verify that the source of data or communication is valid.
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Please note that CAPEC definitions are provided as a quick reference only. Visit http://capec.mitre.org/ for a complete list of CAPEC entries and more information.