CAPEC-86: XSS Through HTTP Headers

Abstraction: Detailed
Status: Draft
Likelihood: High
Severity: Very High

Description

An adversary exploits web applications that generate web content, such as links in an HTML page, based on unvalidated or improperly validated data submitted by other actors. XSS in HTTP Headers attacks target the HTTP headers, which are hidden from most users and may not be validated by web applications.

Related weaknesses · 1

CWE-80

Related attack patterns · 3

CAPEC-591 (ChildOf)
CAPEC-588 (ChildOf)
CAPEC-592 (ChildOf)

Exploits · 1

Type | Target | Confidence | Tier
Weakness | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) (CWE-80) | 100% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: XSS Through HTTP Query Strings
CAPEC: XSS Targeting HTML Attributes
CAPEC: Cross-Site Scripting (XSS)
CAPEC: Reflected XSS
CAPEC: XSS Targeting URI Placeholders
CAPEC: XSS Targeting Non-Script Elements

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.