Cross-site Scripting

GPTKB entity

Statements (51)
Predicate Object
gptkbp:instanceOf Web security vulnerability
gptkbp:abbreviation gptkb:XSS
gptkbp:affects Web applications
gptkbp:category gptkb:OWASP_Top_10
    Injection attack
gptkbp:cause Malware distribution
    Phishing
    Credential theft
    Defacement
    Session hijacking
gptkbp:detects Web vulnerability scanners
    Manual code review
gptkbp:documentedIn gptkb:OWASP
    gptkb:CWE-79
    gptkb:CVE_database
gptkbp:example <img src=x onerror=alert(1)>
    <script>alert('XSS')</script>
gptkbp:exploits Attackers
    User input validation flaws
gptkbp:firstDescribed 2000
gptkbp:foundIn Content management systems
    Single-page applications
    Blogs
    Forums
    E-commerce sites
    Legacy web applications
    Modern web applications
https://www.w3.org/2000/01/rdf-schema#label Cross-site Scripting
gptkbp:impact Confidentiality
    Integrity
    Availability
gptkbp:mitigatedBy Secure coding practices
    Framework security features
    Web application firewalls
gptkbp:prevention gptkb:Content_Security_Policy
    Escaping user input
    HTTPOnly cookies
    Output encoding
    Input sanitization
gptkbp:relatedTo gptkb:Clickjacking
    gptkb:Cross-site_Request_Forgery
    gptkb:SQL_Injection
gptkbp:requires User interaction
gptkbp:riskFactor High
gptkbp:target Web browsers
    End users
gptkbp:type gptkb:DOM-based_XSS
    gptkb:Reflected_XSS
    gptkb:Stored_XSS
gptkbp:bfsParent gptkb:fire
gptkbp:bfsLayer 4