XSS Using MIME Type Mismatch |
CWE-20
|
Improper Input Validation
|
CWE-79
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
|
CWE-646
|
Reliance on File Name or Extension of Externally-Supplied File
|
|
DOM-Based XSS |
CWE-20
|
Improper Input Validation
|
CWE-79
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
|
CWE-83
|
Improper Neutralization of Script in Attributes in a Web Page
|
|
Reflected XSS |
CWE-79
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
|
|
Stored XSS |
CWE-79
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
|
|
Cross-Site Scripting (XSS) |
CWE-20
|
Improper Input Validation
|
CWE-79
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
|
|
AJAX Footprinting |
CWE-20
|
Improper Input Validation
|
CWE-79
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
|
CWE-86
|
Improper Neutralization of Invalid Characters in Identifiers in Web Pages
|
CWE-96
|
Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
|
CWE-113
|
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
|
CWE-116
|
Improper Encoding or Escaping of Output
|
CWE-184
|
Incomplete List of Disallowed Inputs
|
CWE-348
|
Use of Less Trusted Source
|
CWE-692
|
Incomplete Denylist to Cross-Site Scripting
|
|