Statements (52)
Predicate | Object |
---|---|
gptkbp:instanceOf |
gptkb:security
|
gptkbp:abbreviation |
gptkb:XSS
|
gptkbp:affects |
web applications
|
gptkbp:allows |
attacker to inject malicious scripts
|
gptkbp:can_be_exploited_by |
automated bots
malicious users |
gptkbp:canBe |
gptkb:man-in-the-browser_attacks
social engineering credential theft spamming drive-by downloads keylogging browser exploitation browser fingerprinting bypassing access controls bypassing same-origin policy clickjacking defacing websites exfiltrating data exploiting browser vulnerabilities injecting advertisements installing browser extensions modifying web content redirecting users session fixation spreading worms stealing authentication tokens tracking users |
gptkbp:cause |
phishing attacks
malware distribution session hijacking defacement of websites theft of cookies |
gptkbp:detects |
web application scanners
|
gptkbp:exploits |
trust of user in website
|
gptkbp:firstDescribed |
2000
|
https://www.w3.org/2000/01/rdf-schema#label |
cross-site scripting (XSS)
|
gptkbp:listedOn |
gptkb:OWASP_Top_10
|
gptkbp:mitigatedBy |
input sanitization
HTTPOnly cookies escaping special characters output sanitization using secure frameworks |
gptkbp:prevention |
gptkb:Content_Security_Policy
input validation output encoding |
gptkbp:target |
web browsers
|
gptkbp:type |
gptkb:DOM-based_XSS
gptkb:reflected_XSS stored XSS |
gptkbp:bfsParent |
gptkb:Web_Storage
|
gptkbp:bfsLayer |
5
|