terminology – Is there a term for vulnerabilities the need ‘help’ from target vs vulnerabilities that can be exploited with no actions from the target?


I’m making a guideline for a bug bounty program and want to distinguish between bugs that require some kind of action on the target’s behalf (eg clicking a suspicious link), vs vulnerabilities that can be exploited without any actions from the user (eg, SQL injection that gives you users’ credentials).

I don’t necessarily mean phishing, just any vulnerability depending on action from the user rather than one that can be done ‘cold’, if that makes sense.

Does such terminology already exist?