Statements (28)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf | gptkb:Web_security_vulnerability |
| gptkbp:affects | Web applications |
| gptkbp:category | gptkb:Cross-Site_Scripting |
| gptkbp:cause | Phishing, Session hijacking, Data theft, Arbitrary JavaScript execution |
| gptkbp:causedBy | Unsafe manipulation of DOM, Untrusted user input |
| gptkbp:documentedIn | gptkb:OWASP, gptkb:CWE-79 |
| gptkbp:example | document.URL usage, innerHTML assignment, location.hash manipulation |
| gptkbp:exploits | Malicious user input |
| gptkbp:firstDescribed | 2005 |
| gptkbp:fullName | Document Object Model Cross-Site Scripting |
| gptkbp:impact | High |
| gptkbp:mitigatedBy | Input validation, Output encoding, Safe JavaScript APIs |
| gptkbp:relatedTo | gptkb:Reflected_XSS, gptkb:Stored_XSS |
| gptkbp:requires | JavaScript enabled |
| gptkbp:vectorFor | Client-side |
| gptkbp:bfsParent | gptkb:DOM-based_XSS |
| gptkbp:bfsLayer | 7 |
| https://www.w3.org/2000/01/rdf-schema#label | DOM XSS |