Statements (50)
Predicate | Object |
---|---|
gptkbp:instance_of | gptkb:Common_Weakness_Enumeration |
gptkbp:bfsLayer | 5 |
gptkbp:bfsParent | gptkb:CWE-20 |
gptkbp:affects | Software applications. |
gptkbp:category | Error Handling; Input Validation and Representation |
gptkbp:child | CWE-703. CWE-754. CWE-755. |
gptkbp:created_by | MITRE. |
gptkbp:difficulty | gptkb:High |
gptkbp:example | A mobile app that crashes on low memory. Failing to check for null pointers. A service that crashes when it receives unexpected data. A script that does not handle unexpected input formats. A desktop application that fails to handle file not found errors. An application that does not handle file read errors. A cloud service that does not check for service availability. A web application that does not validate user input. An API that does not check for authentication errors. A network service that does not handle connection timeouts. A database query that fails without proper error handling. An attacker injecting a script into a web page that is then executed by other users. |
gptkbp:first_appearance | CWE-1.0. |
gptkbp:has_weakness | CWE-703. |
https://www.w3.org/2000/01/rdf-schema#label | CWE-703 |
gptkbp:impact | Can lead to unexpected behavior or crashes. Allows attackers to execute scripts in the context of the user's browser. |
gptkbp:is_described_as | The software does not properly check for unusual or exceptional conditions. The software does not properly neutralize or incorrectly neutralizes user input before it is used in web page generation. |
gptkbp:is_protected_by | Implement proper error handling. Implement proper input validation and output encoding. |
gptkbp:is_referenced_in | gptkb:API; https://cwe.mitre.org/data/definitions/703.html |
gptkbp:is_vulnerable_to | Exploitable in certain conditions. |
gptkbp:latest_version | 1.0. |
gptkbp:name | Improper Check for Unusual or Exceptional Conditions; Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
gptkbp:parent | CWE-390. |
gptkbp:related_to | gptkb:CWE-703 gptkb:CWE-390 gptkb:CWE-754 gptkb:CWE-755 CWE-390. CWE-703. CWE-754. CWE-755. Cross-site Scripting (XSS) |
gptkbp:status | Active. |
gptkbp:type | Weakness. |