CWE-79 (Cross-site Scripting)

GPTKB entity

Statements (42)
| Predicate | Object |
| --- | --- |
| gptkbp:instanceOf | gptkb:security |
| gptkbp:abbreviation | gptkb:XSS |
| gptkbp:affects | web applications; browsers |
| gptkbp:category | Input Validation; Output Encoding |
| gptkbp:cause | phishing; code injection; data theft; website defacement; session hijacking |
| gptkbp:commonAttackVector | URL parameters; HTTP headers; form fields; user-supplied input |
| gptkbp:definedIn | gptkb:Common_Weakness_Enumeration |
| gptkbp:describedBy | MITRE CWE database |
| gptkbp:example | injection of malicious JavaScript into a web page |
| gptkbp:firstPublished | 2006 |
| gptkbp:hasType | gptkb:DOM-based_XSS; gptkb:reflected_XSS; stored XSS |
| https://www.w3.org/2000/01/rdf-schema#label | CWE-79 (Cross-site Scripting) |
| gptkbp:impact | reputation damage; theft of sensitive data; compromise of user accounts |
| gptkbp:isTop | gptkb:OWASP_Top_10 |
| gptkbp:mitigatedBy | gptkb:Content_Security_Policy_(CSP); secure coding practices; HTTPOnly cookies |
| gptkbp:name | gptkb:Cross-site_Scripting |
| gptkbp:prevention | input validation; output encoding; use of security libraries |
| gptkbp:referencedIn | https://cwe.mitre.org/data/definitions/79.html; https://owasp.org/www-community/attacks/xss/ |
| gptkbp:relatedTo | gptkb:CWE-20_(Improper_Input_Validation); CWE-116 (Improper Encoding or Escaping of Output); CWE-80 (Improper Neutralization of Script-Related HTML Tags in a Web Page) |
| gptkbp:vulnerableTo | gptkb:CWE-79 |
| gptkbp:bfsParent | gptkb:Common_Weakness_Enumeration_(CWE) |
| gptkbp:bfsLayer | 7 |