CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
- Abstraction:Variant
- Structure:Simple
- Status:Incomplete
- Release Date:2006-07-19
- Latest Modification Date:2025-09-09
Weakness Name
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Description
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.
Common Consequences
Scope: Confidentiality, Integrity, Availability
Impact: Read Application Data, Execute Unauthorized Code or Commands
Notes: An attacker could insert special characters that are processed client-side in the context of the user's session.
Related Weaknesses
CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')High