Path Relative Stylesheet Import

info Web App Scanning Plugin ID 114466

Synopsis

Path Relative Stylesheet Import

Description

A Path Relative Style Sheet Import occurs when the application imports a style sheet via a relative URL and uses user input in the file name. This vulnerability mainly affects older browsers such as Internet Explorer and allows an attacker to exploit the way the browser handles stylesheet imports in order to perform CSS Injection.

Solution

It is preferable not to use path-relative URLs in stylesheet imports, and also to send the 'X-Content-Type-Options: nosniff' and 'X-Frame-Options: deny' headers.
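One way to check a response for the conditions named above, as an added example that is not part of the plugin or the scanner's own logic. The function names, the sample page and the sample headers are constructed for illustration.

```javascript
// Added example: static audit of one HTML response for path-relative
// stylesheet imports and the two headers from the Solution section.

// Path-relative = no scheme, not protocol-relative (//host), not root-relative (/).
function isPathRelative(url) {
  const u = url.trim();
  return u !== '' && !/^([a-z][a-z0-9+.-]*:|\/)/i.test(u);
}

function findRelativeStylesheets(html) {
  const hits = [];
  // <link rel="stylesheet" href=...> with attributes in any order
  for (const tag of html.match(/<link\b[^>]*>/gi) || []) {
    if (!/\brel\s*=\s*["']?[^"'>]*\bstylesheet\b/i.test(tag)) continue;
    const href = tag.match(/\bhref\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i);
    if (!href) continue;
    const url = href[1] ?? href[2] ?? href[3];
    if (isPathRelative(url)) hits.push(url);
  }
  // @import "x.css" and @import url(x.css) anywhere in the document
  const importRe = /@import\s+(?:url\(\s*)?["']?([^"')\s;]+)/gi;
  for (const m of html.matchAll(importRe)) {
    if (isPathRelative(m[1])) hits.push(m[1]);
  }
  return hits;
}

function auditResponse(html, headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) {
    h[k.toLowerCase()] = String(v).trim().toLowerCase();
  }
  return {
    relativeStylesheets: findRelativeStylesheets(html),
    nosniff: h['x-content-type-options'] === 'nosniff',
    frameDeny: h['x-frame-options'] === 'deny',
  };
}

// Constructed sample response (not taken from a real site).
const samplePage = `<!doctype html><html><head>
<link rel="stylesheet" href="style/main.css">
<link href='/static/site.css' rel='stylesheet'>
<link rel="icon" href="favicon.ico">
<style>@import url("../theme.css"); @import "https://cdn.example/base.css";</style>
</head><body>hello</body></html>`;
const sampleHeaders = { 'Content-Type': 'text/html', 'X-Content-Type-Options': 'nosniff' };

console.log(auditResponse(samplePage, sampleHeaders));
```

Root-relative and absolute stylesheet URLs are not reported, since they resolve to the same file regardless of the path the page was requested under.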

See Also

https://csplite.com/csp290/

Plugin Details

Severity: Info

ID: 114466

Type: remote

Family: Injection

Published: 10/30/2024

Updated: 11/8/2024

Scan Template: basic, full, pci, scan