
CAPEC-32: XSS Through HTTP Query Strings

Abstraction: Detailed
Status: Draft
Likelihood: High
Severity: High

Description

An adversary embeds malicious script code in the parameters of an HTTP query string and convinces a victim to submit the HTTP request that contains the query string to a vulnerable web application. The web application then proceeds to use the parameter values without properly validating them first and generates the HTML code that will be executed by the victim's browser.
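
An added example (not from MITRE CAPEC or from this page) of the server-side defect the description refers to, shown next to a hardened form, in JavaScript for Node.js. The function names, the `name` parameter and the allow-list pattern are assumptions made for illustration.

```javascript
// Added example; function names, the "name" parameter and the allow-list are hypothetical.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that are significant in HTML text and quoted attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Read the "name" query parameter from a request target such as "/greet?name=Ada".
function getName(requestTarget) {
  // The base only makes the relative target parseable; its value is irrelevant.
  const url = new URL(requestTarget, 'http://app.invalid');
  return url.searchParams.get('name') ?? '';
}

// Weak form (CWE-80): the decoded parameter value is placed into markup unchanged.
function renderGreetingUnsafe(requestTarget) {
  return { status: 200, body: `<p>Hello, ${getName(requestTarget)}</p>` };
}

// Allow-list for this field: letters, digits, space and a few name punctuation marks.
const NAME_PATTERN = /^[\p{L}\p{N} .'-]{1,64}$/u;

// Hardened form: reject values outside the allow-list, then encode on output anyway,
// because an allowed character (here the apostrophe) can still be significant in HTML.
function renderGreetingSafe(requestTarget) {
  const name = getName(requestTarget);
  if (!NAME_PATTERN.test(name)) {
    return { status: 400, body: '<p>Invalid name</p>' };
  }
  return { status: 200, body: `<p>Hello, ${escapeHtml(name)}</p>` };
}

// Constructed sample request targets.
const SAMPLE_MARKUP = '/greet?name=' + encodeURIComponent('<script>alert(1)</script>');
const SAMPLE_BENIGN = '/greet?name=' + encodeURIComponent("Conan O'Brien");

console.log(renderGreetingUnsafe(SAMPLE_MARKUP)); // markup reaches the page as-is
console.log(renderGreetingSafe(SAMPLE_MARKUP));   // rejected with 400
console.log(renderGreetingSafe(SAMPLE_BENIGN));   // accepted, apostrophe encoded
```

Validation alone depends on how strict the field can be; the output encoding is what keeps a value that passes validation from being interpreted as markup.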

Related weaknesses (1)

CWE-80

Related attack patterns (3)

CAPEC-591 (ChildOf)
CAPEC-588 (ChildOf)
CAPEC-592 (ChildOf)

Exploits (1)

Type | Target | Confidence | Tier
Weakness | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) cwe-80 | 100% | live

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: XSS Through HTTP Headers
CAPEC: Cross-Site Scripting (XSS)
CAPEC: Reflected XSS
CAPEC: XSS Targeting URI Placeholders
CAPEC: XSS Targeting HTML Attributes
CAPEC: DOM-Based XSS

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.