CWE-85 - Doubled Character XSS Manipulations

CWE-85

Abstraction:
Variant

Structure:
Simple

Status:
Draft

Weakness Name: Doubled Character XSS Manipulations

Description: The web application does not filter user-controlled input for executable script disguised using doubling of the involved characters.

Common Consequences: Scope: Confidentiality, Integrity, Availability
Impact: Read Application Data, Execute Unauthorized Code or Commands

Related Weaknesses

CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')High

CWE-675Multiple Operations on Resource in Single-Operation Context

Release Date:
2006-07-19

Latest Modification Date:
2023-06-29

Free security scan for your website

Don't show website scan report rating on the leaderboard