
CAPEC-198: XSS Targeting Error Pages

Abstraction: Detailed
Status: Draft
Severity: Medium

Description

An adversary distributes a link (or possibly some other query structure) carrying a request to a third-party web server. The request is malformed and also contains a block of exploit code, so that the exploit becomes live code in the resulting error page. Metadata: detailed CAPEC pattern, status draft, severity medium. Underlying weakness: CWE-81. Related CAPEC patterns: CAPEC-591, CAPEC-592, CAPEC-588.

Related weaknesses · 1

CWE-81

Related attack patterns · 3

CAPEC-591 (ChildOf)
CAPEC-592 (ChildOf)
CAPEC-588 (ChildOf)

Exploits · 1

Type: Weakness
Target: Improper Neutralization of Script in an Error Message Web Page (cwe-81)
Confidence: 100%
Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: XSS Through HTTP Query Strings
CAPEC: XSS Targeting HTML Attributes
CAPEC: Stored XSS
CAPEC: XSS Through HTTP Headers
CAPEC: XSS Targeting URI Placeholders
CAPEC: XSS Targeting Non-Script Elements
Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.