CAPEC-86: XSS Through HTTP Headers

ID: CAPEC-86
Typical Severity: Very High
Likelihood Of Attack: High
Status: Draft

An adversary exploits web applications that generate web content, such as links in an HTML page, based on unvalidated or improperly validated data submitted by other actors. XSS Through HTTP Headers attacks target HTTP headers, which are hidden from most users and may not be validated by web applications.

https://capec.mitre.org/data/definitions/86.html

Weaknesses

ID | Name | Type
CWE-80 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) | weakness