Statements (51)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf |
gptkb:Web_security_vulnerability
|
| gptkbp:abbreviation |
gptkb:XSS
|
| gptkbp:affects |
Web applications
|
| gptkbp:category |
gptkb:OWASP_Top_10
Injection attack |
| gptkbp:cause |
Malware distribution
Phishing Credential theft Defacement Session hijacking |
| gptkbp:detects |
Web vulnerability scanners
Manual code review |
| gptkbp:documentedIn |
gptkb:OWASP
gptkb:CWE-79 gptkb:CVE_database |
| gptkbp:example |
<img src=x onerror=alert(1)>
<script>alert('XSS')</script> |
| gptkbp:exploits |
Attackers
User input validation flaws |
| gptkbp:firstDescribed |
2000
|
| gptkbp:foundIn |
Content management systems
Single-page applications Blogs Forums E-commerce sites Legacy web applications Modern web applications |
| gptkbp:impact |
Confidentiality
Integrity Availability |
| gptkbp:mitigatedBy |
Secure coding practices
Framework security features Web application firewalls |
| gptkbp:prevention |
gptkb:Content_Security_Policy
Escaping user input HTTPOnly cookies Output encoding Input sanitization |
| gptkbp:relatedTo |
gptkb:Clickjacking
gptkb:Cross-site_Request_Forgery gptkb:SQL_Injection |
| gptkbp:requires |
User interaction
|
| gptkbp:riskFactor |
High
|
| gptkbp:target |
Web browsers
End users |
| gptkbp:type |
gptkb:DOM-based_XSS
gptkb:Reflected_XSS gptkb:Stored_XSS |
| gptkbp:bfsParent |
gptkb:CWE-79_(Cross-site_Scripting)
|
| gptkbp:bfsLayer |
8
|
| https://www.w3.org/2000/01/rdf-schema#label |
Cross-site Scripting
|