Statements (33)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf |
gptkb:security
|
| gptkbp:abbreviation |
gptkb:XSS
|
| gptkbp:affects |
web applications
|
| gptkbp:allows |
attacker to inject malicious scripts
|
| gptkbp:can_be_exploited_by |
automated bots
malicious users |
| gptkbp:category |
client-side attack
injection attack |
| gptkbp:cause |
phishing attacks
data theft website defacement session hijacking |
| gptkbp:detects |
web application scanners
|
| gptkbp:exploits |
trust of user in website
trust of website in user input |
| gptkbp:firstDescribed |
2000
|
| https://www.w3.org/2000/01/rdf-schema#label |
Cross-site scripting (XSS)
|
| gptkbp:listedOn |
gptkb:OWASP_Top_10
|
| gptkbp:mitigatedBy |
input sanitization
HTTPOnly cookies escaping special characters using secure frameworks |
| gptkbp:prevention |
gptkb:Content_Security_Policy
input validation output encoding |
| gptkbp:relatedTo |
gptkb:cross-site_request_forgery_(CSRF)
SQL injection |
| gptkbp:target |
user browsers
|
| gptkbp:type |
gptkb:DOM-based_XSS
gptkb:reflected_XSS stored XSS |
| gptkbp:bfsParent |
gptkb:HTML_Forms
|
| gptkbp:bfsLayer |
5
|