CWE-79 (Cross-site Scripting)
GPTKB entity
Statements (42)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf | gptkb:security |
| gptkbp:abbreviation | gptkb:XSS |
| gptkbp:affects | web applications; browsers |
| gptkbp:category | Input Validation; Output Encoding |
| gptkbp:cause | phishing; code injection; data theft; website defacement; session hijacking |
| gptkbp:commonAttackVector | URL parameters; HTTP headers; form fields; user-supplied input |
| gptkbp:definedIn | gptkb:Common_Weakness_Enumeration |
| gptkbp:describedBy | MITRE CWE database |
| gptkbp:example | injection of malicious JavaScript into a web page |
| gptkbp:firstPublished | 2006 |
| gptkbp:hasType | gptkb:DOM-based_XSS; gptkb:reflected_XSS; stored XSS |
| gptkbp:impact | reputation damage; theft of sensitive data; compromise of user accounts |
| gptkbp:isTop | gptkb:OWASP_Top_10 |
| gptkbp:mitigatedBy | gptkb:Content_Security_Policy_(CSP); secure coding practices; HTTPOnly cookies |
| gptkbp:name | gptkb:Cross-site_Scripting |
| gptkbp:prevention | input validation; output encoding; use of security libraries |
| gptkbp:referencedIn | https://cwe.mitre.org/data/definitions/79.html; https://owasp.org/www-community/attacks/xss/ |
| gptkbp:relatedTo | gptkb:CWE-20_(Improper_Input_Validation); CWE-116 (Improper Encoding or Escaping of Output); CWE-80 (Improper Neutralization of Script-Related HTML Tags in a Web Page) |
| gptkbp:vulnerableTo | gptkb:CWE-79 |
| gptkbp:bfsParent | gptkb:Common_Weakness_Enumeration_(CWE) |
| gptkbp:bfsLayer | 7 |
| https://www.w3.org/2000/01/rdf-schema#label | CWE-79 (Cross-site Scripting) |