Elevating Cross-Frame Scripting (why it matters more than experts think…)

Are you able to hijack the source of an iFrame, or execute JavaScript inside? This attack (called an XFS attack) typically is considered quite a low vulnerability. Here’s how you can pivot it to a higher severity issue.