ByteOS Network

CAPEC-592:Stored XSS

Attack Pattern ID:592

Version:v3.9

Attack Pattern Name:Stored XSS

Abstraction:Detailed

Status:Stable

Likelihood of Attack:High

Typical Severity:Very High

Details Content History Related Weaknesses Reports

1Weaknesses found

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

View Details

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Likelihood of Exploit-High

Mapping-Allowed

Abstraction-Base

Found in38699CVEs

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Impacts-

Read Application DataBypass Protection MechanismExecute Unauthorized Code or Commands

Tags-

High exploit Environment Hardening Libraries or Frameworks Input Validation Parameterization Output Encoding Firewall Attack Surface Reduction Enforcement by Conversion Web Based (technology class)Execute Unauthorized Code or Commands (impact)Bypass Protection Mechanism (impact)Read Application Data (impact)

As Seen In-

2019 CWE Top 25 Most Dangerous Software Errors 2021 CWE Top 25 Most Dangerous Software CISQ Data Protection Measures 2020 CWE Top 25 Most Dangerous Software 2022 CWE Top 25 Most Dangerous Software 2023 CWE Top 25 Most Dangerous Software 2024 CWE Top 25 Most Dangerous Software Originally Used by NVD from 2008 to 2016 CWE Cross-section