CAPEC-244: XSS Targeting URI Placeholders
ID: CAPEC-244
Typical Severity: High
Likelihood Of Attack: High
Status: Draft
An attack of this type exploits the ability of most browsers to interpret "data", "javascript" or other URI schemes as placeholders for client-side executable content. The attack consists of passing a malicious URI in the HREF attribute of an anchor tag, or in a similar attribute of another HTML tag. Such a malicious URI contains, for example, base64-encoded HTML content with an embedded cross-site scripting payload. The attack is executed when the browser interprets the malicious content, for example when the victim clicks on the malicious link.
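One way to neutralize URI-valued attributes before they reach the page is to parse them as a browser would and allow only known schemes. This is an added example, not part of the CAPEC entry; the allowlist, the base origin `app.example.test` and all function names are assumptions chosen for illustration.

```javascript
// Added example (not CAPEC code): scheme allowlist for URI-valued attributes.
// ALLOWED_SCHEMES, BASE and the function names are illustrative assumptions.
const ALLOWED_SCHEMES = new Set(["http:", "https:", "mailto:"]);
const BASE = "https://app.example.test/"; // constructed origin for relative links

// Returns a normalized URL string, or null when the scheme is not allowlisted.
// `raw` is the attribute value after any HTML entity decoding.
function safeHref(raw) {
  if (typeof raw !== "string") return null;
  let url;
  try {
    // The WHATWG parser strips leading control characters and embedded
    // tabs/newlines and lowercases the scheme, so obfuscated spellings of
    // "javascript:" or "data:" are judged the way a browser would read them.
    url = new URL(raw, BASE);
  } catch {
    return null; // unparseable input is rejected, never passed through
  }
  return ALLOWED_SCHEMES.has(url.protocol) ? url.href : null;
}

// Minimal escaping for a double-quoted attribute value or a text node.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Emits the parsed, normalized URL (never the raw input); falls back to "#".
function renderLink(rawHref, text) {
  const href = safeHref(rawHref) ?? "#";
  return `<a href="${escapeHtml(href)}" rel="noopener noreferrer">${escapeHtml(text)}</a>`;
}

// Constructed sample inputs: two legitimate links and three placeholder URIs.
const SAMPLES = [
  "/account/settings",
  "mailto:user@example.test",
  "JaVaScRiPt:void(0)",
  " \tjava\nscript:void(0)",
  "data:text/html;base64,PLACEHOLDER",
];

for (const s of SAMPLES) {
  console.log(JSON.stringify(s), "->", safeHref(s));
}
```

Comparing the parsed `protocol` against an allowlist avoids the gaps of string matching on the raw value, which misses mixed case and embedded whitespace.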
Weaknesses
| ID | Name | Type |
|---|---|---|
| CWE-83 | Improper Neutralization of Script in Attributes in a Web Page | weakness |