CWE-85 - Doubled Character XSS Manipulations
- Abstraction:Variant
- Structure:Simple
- Status:Draft
- Release Date:2006-07-19
- Latest Modification Date:2023-06-29
Weakness Name
Doubled Character XSS Manipulations
Description
The web application does not filter user-controlled input for executable script disguised using doubling of the involved characters.
Common Consequences
Scope: Confidentiality, Integrity, Availability
Impact: Read Application Data, Execute Unauthorized Code or Commands
Related Weaknesses
CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')High
CWE-675Multiple Operations on Resource in Single-Operation Context