Statements (28)
Predicate | Object |
---|---|
gptkbp:instanceOf | Web security vulnerability |
gptkbp:affects | Web applications |
gptkbp:category | gptkb:Cross-Site_Scripting |
gptkbp:cause | Phishing; Session hijacking; Data theft; Arbitrary JavaScript execution |
gptkbp:causedBy | Unsafe manipulation of DOM; Untrusted user input |
gptkbp:documentedIn | gptkb:OWASP; gptkb:CWE-79 |
gptkbp:example | document.URL usage; innerHTML assignment; location.hash manipulation |
gptkbp:exploits | Malicious user input |
gptkbp:firstDescribed | 2005 |
gptkbp:fullName | Document Object Model Cross-Site Scripting |
https://www.w3.org/2000/01/rdf-schema#label | DOM XSS |
gptkbp:impact | High |
gptkbp:mitigatedBy | Input validation; Output encoding; Safe JavaScript APIs |
gptkbp:relatedTo | gptkb:Reflected_XSS; gptkb:Stored_XSS |
gptkbp:requires | JavaScript enabled |
gptkbp:vectorFor | Client-side |
gptkbp:bfsParent | gptkb:DOM-based_XSS |
gptkbp:bfsLayer | 6 |