CWE-79 (Cross-site Scripting)
GPTKB entity
Statements (42)
Predicate | Object |
---|---|
gptkbp:instanceOf | gptkb:security |
gptkbp:abbreviation | gptkb:XSS |
gptkbp:affects | web applications; browsers |
gptkbp:category | Input Validation; Output Encoding |
gptkbp:cause | phishing; code injection; data theft; website defacement; session hijacking |
gptkbp:commonAttackVector | URL parameters; HTTP headers; form fields; user-supplied input |
gptkbp:definedIn | gptkb:Common_Weakness_Enumeration |
gptkbp:describedBy | MITRE CWE database |
gptkbp:example | injection of malicious JavaScript into a web page |
gptkbp:firstPublished | 2006 |
gptkbp:hasType | gptkb:DOM-based_XSS; gptkb:reflected_XSS; stored XSS |
https://www.w3.org/2000/01/rdf-schema#label | CWE-79 (Cross-site Scripting) |
gptkbp:impact | reputation damage; theft of sensitive data; compromise of user accounts |
gptkbp:isTop | gptkb:OWASP_Top_10 |
gptkbp:mitigatedBy | gptkb:Content_Security_Policy_(CSP); secure coding practices; HTTPOnly cookies |
gptkbp:name | gptkb:Cross-site_Scripting |
gptkbp:prevention | input validation; output encoding; use of security libraries |
gptkbp:referencedIn | https://cwe.mitre.org/data/definitions/79.html; https://owasp.org/www-community/attacks/xss/ |
gptkbp:relatedTo | gptkb:CWE-20_(Improper_Input_Validation); CWE-116 (Improper Encoding or Escaping of Output); CWE-80 (Improper Neutralization of Script-Related HTML Tags in a Web Page) |
gptkbp:vulnerableTo | gptkb:CWE-79 |
gptkbp:bfsParent | gptkb:Common_Weakness_Enumeration_(CWE) |
gptkbp:bfsLayer | 7 |