Statements (30)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf |
Web security vulnerability
|
| gptkbp:affects |
Web applications
|
| gptkbp:allows |
Injection of malicious scripts
|
| gptkbp:can_be_exploited_by |
Attackers
|
| gptkbp:can_compromise |
Application security
User data |
| gptkbp:cause |
Malware distribution
Credential theft Defacement Phishing attacks Session hijacking |
| gptkbp:detects |
Web vulnerability scanners
|
| gptkbp:exploits |
Lack of input validation
Lack of output encoding |
| gptkbp:firstDescribed |
1990s
|
| gptkbp:hasType |
gptkb:DOM-based_XSS
gptkb:Reflected_XSS gptkb:Stored_XSS |
| https://www.w3.org/2000/01/rdf-schema#label |
XSS (Cross-site scripting)
|
| gptkbp:listedOn |
gptkb:OWASP_Top_Ten
|
| gptkbp:mitigatedBy |
gptkb:Content_Security_Policy
Input validation Escaping user input Output encoding |
| gptkbp:prevention |
Sanitizing user input
Using secure frameworks |
| gptkbp:target |
Web browsers
End users |
| gptkbp:bfsParent |
gptkb:HTML_Script_Element
|
| gptkbp:bfsLayer |
5
|