CAPEC-86: XSS Through HTTP Headers
ID: CAPEC-86
Typical Severity: Very High
Likelihood Of Attack: High
Status: Draft
An adversary exploits web applications that generate web content, such as links in an HTML page, based on unvalidated or improperly validated data submitted by other actors. XSS through HTTP headers attacks target the HTTP headers, which are hidden from most users and may not be validated by web applications.
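The weakness described above, shown as an added example that is not part of the CAPEC entry: a page fragment built from request headers, first with the values inserted unchanged and then with output encoding and a URL scheme check. The function names, the table-row layout and the sample header values are assumptions made for illustration.

```python
import html
from urllib.parse import urlsplit

# Constructed sample request headers (not from the CAPEC entry). Both values
# contain markup that a browser would parse if it were written into a page as-is.
SAMPLE_HEADERS = {
    "User-Agent": "Mozilla/5.0 <script>alert(1)</script>",
    "Referer": 'https://example.test/?q="><b>x</b>',
}


def render_visit_row_unsafe(headers):
    """'Before' form: header values are concatenated into HTML unchanged."""
    ua = headers.get("User-Agent", "")
    ref = headers.get("Referer", "")
    return f'<tr><td>{ua}</td><td><a href="{ref}">referrer</a></td></tr>'


def safe_href(url):
    """Allow only http(s) URLs in an href; anything else becomes '#'."""
    try:
        scheme = urlsplit(url).scheme.lower()
    except ValueError:  # malformed URL, e.g. unbalanced IPv6 brackets
        return "#"
    return url if scheme in ("http", "https") else "#"


def render_visit_row(headers):
    """Hardened form: treat every header as untrusted input.

    Text content and attribute values are HTML-encoded (quotes included),
    and the Referer is only used as a link target if its scheme is http(s).
    """
    ua = html.escape(headers.get("User-Agent", ""), quote=True)
    ref = html.escape(safe_href(headers.get("Referer", "")), quote=True)
    return f'<tr><td>{ua}</td><td><a href="{ref}">referrer</a></td></tr>'


if __name__ == "__main__":
    print("unsafe:  ", render_visit_row_unsafe(SAMPLE_HEADERS))
    print("hardened:", render_visit_row(SAMPLE_HEADERS))
```

Encoding happens at the point of output, so it also covers header values that were stored earlier (for example in an access log) and rendered later.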
Weaknesses
ID | Name | Type |
---|---|---|
CWE-80 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) | weakness |