2

I'm making a guideline for a bug bounty program and want to distinguish between bugs that require some kind of action on the target's behalf (e.g. clicking a suspicious link), vs vulnerabilities that can be exploited without any actions from the user (e.g., SQL injection that gives you users' credentials).

I don't necessarily mean phishing, just any vulnerability depending on action from the user rather than one that can be done 'cold', if that makes sense.

Does such terminology already exist?

Arminius
Alex V

1 Answer

2

I would describe such a vulnerability as needing user interaction.

This is also the term used by CVSS to describe it,

Ángel