1. Home
  2. Weaknesses
  3. CWE-85

CWE-85: Doubled Character XSS Manipulations

ID CWE-85
Abstraction Variant
Structure Simple
Status Draft
Number of CVEs 1
Detail CAPEC Dashboard Vulnerabilities Web & Social
The web application does not filter user-controlled input for executable script disguised using doubling of the involved characters.

Modes of Introduction

Phase Note
Implementation

Applicable Platforms

Type Class Name Prevalence
Language Not Language-Specific

Relationships

View Weakness
# ID View Status # ID Name Abstraction Structure Status
CWE-1000 Research Concepts Draft CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Base Simple Stable
CWE-1000 Research Concepts Draft CWE-675 Multiple Operations on Resource in Single-Operation Context Class Simple Draft

Common Attack Pattern Enumeration and Classification (CAPEC)

The Common Attack Pattern Enumeration and Classification (CAPECâ„¢) effort provides a publicly available catalog of common attack patterns that helps users understand how adversaries exploit weaknesses in applications and other cyber-enabled capabilities.

CAPEC at Mitre.org
# ID Name Weaknesses
CAPEC-245 XSS Using Doubled Characters CWE-85

CVEs Published

Based on CVE published date

CVSS Severity

CVSS Severity - By Year

CVSS Base Score

# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date