", and "&" tha...">", and "&" tha...">

CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

  • Abstraction: Variant
  • Structure: Simple
  • Status: Incomplete
  • Release date: 2006-07-19
  • Updated date: 2025-12-11

Name

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

Description

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.
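The neutralization described above, as an added example that is not part of the CWE entry: a template that passes upstream input through unchanged, beside one that entity-encodes "<", ">", and "&" at the point of output. All function names and the sample input are hypothetical and constructed for illustration.

```javascript
// Added example: entity-encode the characters CWE-80 names before placing
// untrusted text into HTML element content. All names here are hypothetical.

// Single-pass replacement: each character is mapped exactly once, so the "&"
// that begins an emitted "&lt;" is never re-encoded into "&amp;lt;".
const ENTITY = { '&': '&amp;', '<': '&lt;', '>': '&gt;' };

function neutralizeHtml(value) {
  // Coerce first: null, numbers and objects reach templates too.
  return String(value ?? '').replace(/[&<>]/g, (ch) => ENTITY[ch]);
}

// Before: upstream input is concatenated into the page unchanged.
function renderCommentUnsafe(author, body) {
  return `<p class="comment"><b>${author}</b>: ${body}</p>`;
}

// After: every upstream value is neutralized where it is written out.
function renderComment(author, body) {
  return `<p class="comment"><b>${neutralizeHtml(author)}</b>: ` +
         `${neutralizeHtml(body)}</p>`;
}

// Regression check: the template itself contributes a fixed number of tags,
// so any extra tag in the output means input was interpreted as markup.
function countTags(html) {
  return (html.match(/<[a-zA-Z\/][^>]*>/g) || []).length;
}

// Constructed sample input (not taken from any real application).
const sample = {
  author: 'R&D <team>',
  body: '<script>alert(1)</script> 1 < 2 && 3 > 2',
};

const TEMPLATE_TAGS = 4; // <p>, <b>, </b>, </p>
console.log(countTags(renderCommentUnsafe(sample.author, sample.body))); // more than 4
console.log(countTags(renderComment(sample.author, sample.body)) === TEMPLATE_TAGS);
console.log(renderComment(sample.author, sample.body));
```

This encoding covers HTML element content only; values written into attributes also need quote characters encoded.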

Common Consequences

Scope: Confidentiality, Integrity, Availability

Impact: Read Application Data, Execute Unauthorized Code or Commands

Note: An attacker could insert special characters that are processed client-side in the context of the user's session.

Related CWEs