CAPEC-32: XSS Through HTTP Query Strings
ID
CAPEC-32
Typical Severity
High
Likelihood Of Attack
High
Status
Draft
An adversary embeds malicious script code in the parameters of an HTTP query string and convinces a victim to submit the HTTP request that contains the query string to a vulnerable web application. The web application then procedes to use the values parameters without properly validation them first and generates the HTML code that will be executed by the victim's browser.
Weaknesses
# ID | Name | Type |
---|---|---|
CWE-80 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) | weakness |