CWE-83 - Improper Neutralization of Script in Attributes in a Web Page
CWE-83
- Abstraction:
- Variant
- Structure:
- Simple
- Status:
- Draft
- Weakness Name
Improper Neutralization of Script in Attributes in a Web Page
- Description
The product does not neutralize or incorrectly neutralizes "javascript:" or other URIs from dangerous attributes within tags, such as onmouseover, onload, onerror, or style.
- Common Consequences
Scope: Confidentiality, Integrity, Availability
Impact: Read Application Data, Execute Unauthorized Code or Commands
- Related Weaknesses
- Release Date:
- 2006-07-19
- Latest Modification Date:
- 2023-06-29
Free security scan for your website