VariantIncomplete

CWE-82Improper Neutralization of Script in Attributes of IMG Tags in a Web Page

Category: other

Description

The web application does not neutralize or incorrectly neutralizes scripting elements within attributes of HTML IMG tags, such as the src attribute. Attackers can embed XSS exploits into the values for IMG attributes (e.g. SRC) that is streamed and then executed in a victim's browser. Note that when the page is loaded into a user's browsers, the exploit will automatically execute.

Common consequences· 1

  • Confidentiality / Integrity / Availability — Read Application Data, Execute Unauthorized Code or Commands

Potential mitigations· 2

  • [Implementation]
  • [Implementation]To help mitigate XSS attacks against the user's session cookie, set the session cookie to be HttpOnly. In browsers that support the HttpOnly feature (such as more recent versions of Internet Explorer and Firefox), this attribute can prevent the user's session cookie from being accessible to malicious client-side scripts that use document.cookie. This is not a complete solution, since HttpOnly is not supported by all browsers. More importantly, XmlHttpRequest and other powerful browser technologies provide read access to HTTP headers, including the Set-Cookie header in which the HttpOnly flag is set.

References

  1. https://cwe.mitre.org/data/definitions/82.html

(incoming)1

TypeTargetConfidenceTier
VulnerabilityCVE-2025-53194cve-2025-531940%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CWE
Improper Neutralization of Encoded URI Schemes in a Web Page
CWE
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CWE
Improper Neutralization of Script in Attributes in a Web Page
CWE
Improper Neutralization of Alternate XSS Syntax
CAPEC
XSS Targeting Non-Script Elements
CWE
Server-Side Request Forgery (SSRF)
Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.