Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CAPEC-245:XSS Using Doubled Characters
Attack Pattern ID:245
Version:v3.9
Attack Pattern Name:XSS Using Doubled Characters
Abstraction:Detailed
Status:Draft
Likelihood of Attack:
Typical Severity:Medium
DetailsContent HistoryRelated WeaknessesReports
1Weaknesses found
CWE-85
Doubled Character XSS Manipulations
ShareView Details
Doubled Character XSS Manipulations
Likelihood of Exploit-Not Available
Mapping-Allowed
Abstraction-Variant
Found in2CVEs

The web application does not filter user-controlled input for executable script disguised using doubling of the involved characters.

Impacts-
Read Application DataExecute Unauthorized Code or Commands
Tags-
Output EncodingAttack Surface ReductionExecute Unauthorized Code or Commands (impact)Read Application Data (impact)
As Seen In-
Not Available