VYPR

CWE-87

Improper Neutralization of Alternate XSS Syntax

Variant | Draft

Description

The product does not neutralize or incorrectly neutralizes user-controlled input for alternate script syntax.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-199

CVEs mapped to this weakness (43)

page 3 of 3
  • CVE-2021-32797 (Aug 9, 2021)
    risk 0.00 | cvss | epss 0.03

    JupyterLab is a user interface for Project Jupyter which will eventually replace the classic Jupyter Notebook. In affected versions untrusted notebook can execute code on load. In particular JupyterLab doesn’t sanitize the action attribute of html `<form>`. Using this it is…

  • CVE-2020-5298 (Jun 3, 2020)
    risk 0.00 | cvss | epss 0.01

    In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, a user with the ability to use the import functionality of the `ImportExportController` behavior can be socially engineered by an attacker to upload a maliciously crafted CSV file which…

  • CVE-2009-1275 (Apr 9, 2009)
    risk 0.00 | cvss | epss 0.03

    Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified…