Statements (30)
Predicate | Object |
---|---|
gptkbp:instanceOf |
software vulnerability category
|
gptkbp:abbreviation |
gptkb:XSS
|
gptkbp:affects |
web applications
|
gptkbp:category |
Injection flaw
Input validation flaw |
gptkbp:cause |
data theft
malicious script execution session hijacking cross-site scripting attacks |
gptkbp:describes |
failure to properly neutralize user-supplied input before including it in web page output
|
gptkbp:documentedIn |
gptkb:MITRE
|
gptkbp:example |
injection of JavaScript into web page
malicious code in comment fields |
gptkbp:firstPublished |
2006
|
https://www.w3.org/2000/01/rdf-schema#label |
CWE-79
|
gptkbp:mitigatedBy |
input validation
output encoding use of frameworks with built-in XSS protection |
gptkbp:name |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
|
gptkbp:partOf |
gptkb:Common_Weakness_Enumeration
|
gptkbp:relatedTo |
CWE-80
CWE-81 CWE-83 |
gptkbp:url |
https://cwe.mitre.org/data/definitions/79.html
|
gptkbp:usedBy |
software developers
security researchers penetration testers |
gptkbp:vulnerableTo |
79
|
gptkbp:bfsParent |
gptkb:Cross-site_Scripting
|
gptkbp:bfsLayer |
5
|