CWE-79

GPTKB entity

Statements (30)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf | software vulnerability category |
| gptkbp:abbreviation | gptkb:XSS |
| gptkbp:affects | web applications |
| gptkbp:category | Injection flaw |
| | Input validation flaw |
| gptkbp:cause | data theft |
| | malicious script execution |
| | session hijacking |
| | cross-site scripting attacks |
| gptkbp:describes | failure to properly neutralize user-supplied input before including it in web page output |
| gptkbp:documentedIn | gptkb:MITRE |
| gptkbp:example | injection of JavaScript into web page |
| | malicious code in comment fields |
| gptkbp:firstPublished | 2006 |
| https://www.w3.org/2000/01/rdf-schema#label | CWE-79 |
| gptkbp:mitigatedBy | input validation |
| | output encoding |
| | use of frameworks with built-in XSS protection |
| gptkbp:name | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| gptkbp:partOf | gptkb:Common_Weakness_Enumeration |
| gptkbp:relatedTo | CWE-80 |
| | CWE-81 |
| | CWE-83 |
| gptkbp:url | https://cwe.mitre.org/data/definitions/79.html |
| gptkbp:usedBy | software developers |
| | security researchers |
| | penetration testers |
| gptkbp:vulnerableTo | 79 |
| gptkbp:bfsParent | gptkb:Cross-site_Scripting |
| gptkbp:bfsLayer | 5 |