Read Time:36 Second
Description
The product uses a denylist-based protection mechanism to defend against XSS attacks, but the denylist is incomplete, allowing XSS variants to succeed.
While XSS might seem simple to prevent, web browsers vary so widely in how they parse web pages, that a denylist cannot keep track of all the variations. The “XSS Cheat Sheet” [REF-714] contains a large number of attacks that are intended to bypass incomplete denylists.
Modes of Introduction:
Likelihood of Exploit:
Related Weaknesses
Consequences
Confidentiality, Integrity, Availability: Execute Unauthorized Code or Commands
Potential Mitigations
CVE References
- CVE-2007-5727
- Denylist only removes
- Denylist only removes