
CAPEC-591: Reflected XSS

Abstraction: Detailed
Status: Stable
Likelihood: High
Severity: Very High

Description

This type of attack is a form of Cross-Site Scripting (XSS) where a malicious script is "reflected" off a vulnerable web application and then executed by a victim's browser. The process starts with an adversary delivering a malicious script to a victim and convincing the victim to send the script to the vulnerable web application.

Related weaknesses· 1

CWE-79

Related attack patterns· 1

CAPEC-63 (ChildOf)

Exploits· 1

| Type | Target | Confidence | Tier |
|------|--------|------------|------|
| Weakness | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (cwe-79) | 100% | live |

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: XSS Through HTTP Query Strings
CAPEC: Cross-Site Scripting (XSS)
CAPEC: DOM-Based XSS
CAPEC: Stored XSS
CAPEC: XSS Through HTTP Headers
CAPEC: XSS Targeting Non-Script Elements

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.