Standardlikelihood: Mediumseverity: HighDraft
CAPEC-104Cross Zone Scripting
Abstraction
Standard
Status
Draft
Likelihood
Medium
Severity
High
Description
An attacker is able to cause a victim to load content into their web-browser that bypasses security zone controls and gain access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets. This is a privilege elevation attack targeted at zone-based web-browser security.
Related weaknesses· 5
Related attack patterns· 1
Exploits5
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Improper Input Validationcwe-20 | 100% | live |
| Weakness | Improper Authorizationcwe-285 | 100% | live |
| Weakness | Execution with Unnecessary Privilegescwe-250 | 100% | live |
| Weakness | Not Using Complete Mediationcwe-638 | 100% | live |
| Weakness | Improper Encoding or Escaping of Outputcwe-116 | 100% | live |
Related by meaning· 6
Nearest entities by semantic similarity across the cs-graph corpus.