Status: Draft
Compound Element ID: 692 (Compound Element Base: Chain)

Description Summary
The product uses a blacklist-based protection mechanism to defend against XSS attacks, but the blacklist is incomplete, allowing XSS variants to succeed.

Relevant Properties
Validity

Observed Examples
(none listed)

Other Notes
While XSS might seem simple to prevent, web browsers vary so widely in how they parse web pages that a blacklist cannot keep track of all the variations. Browsers tolerate malformed markup, decode character references inside attributes, drop certain control characters from URL schemes, and expose dozens of event-handler attributes, so a filter that strips a fixed set of known-bad strings leaves every variant it did not anticipate intact. The "XSS Cheat Sheet" (see references) contains a large number of attacks that are intended to bypass incomplete blacklists. The dependable defense is the opposite strategy: encode output for the HTML context it is placed in, or validate input against an allowlist of what is permitted, rather than searching for what is forbidden.

References
S. Christey. "Blacklist defenses as a breeding ground for vulnerability variants". February 2006. <http:/

Relationships
(none listed)

Applicable Platforms
Languages: C, C++

Content History
Modifications
Eric Dalci. Cigital. 2008-07-01. (External) updated Time_of_Introduction
CWE Content Team. MITRE. 2008-09-08. (Internal) updated Applicable_Platforms, Relationships, Other_Notes
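The failure described in Other Notes, shown as an added example that is not part of the CWE entry: a small denylist filter of the kind this weakness describes, beside the output-encoding approach that replaces it. The function names, the payloads, and the `survivesAsActiveContent` heuristic are constructed for this illustration; the heuristic approximates a few browser behaviours (numeric character reference decoding, stripping of tab and newline from URLs) and is not a model of any real browser.

```javascript
// Added example (not code from the CWE entry): an incomplete denylist XSS
// filter beside context-aware output encoding. All names are hypothetical.

// The flawed approach: strip a handful of known-bad substrings. Each replace
// runs once, left to right, and the list is necessarily partial.
function denylistFilter(input) {
  return input
    .replace(/<script>/gi, "")
    .replace(/javascript:/gi, "")
    .replace(/onerror\s*=/gi, "")
    .replace(/onload\s*=/gi, "");
}

// The sound approach: do not look for bad input; make every character that
// can change the HTML parser's state in element content or a quoted
// attribute inert by entity-encoding it.
function htmlEncode(input) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
  return input.replace(/[&<>"']/g, (c) => map[c]);
}

// Constructed heuristic approximating what a browser does with the string
// before deciding whether script runs: decode numeric character references
// (as attribute values are decoded) and drop the ASCII tab/LF/CR that the
// URL parser strips from schemes. Returns true if active content survives.
function survivesAsActiveContent(s) {
  const decoded = s
    .replace(/&#x([0-9a-f]+);/gi, (_, h) => String.fromCodePoint(parseInt(h, 16)))
    .replace(/&#(\d+);/g, (_, d) => String.fromCodePoint(parseInt(d, 10)))
    .replace(/[\t\n\r]/g, "");
  return /<script[\s>]/i.test(decoded)                      // script element
    || /<[a-z][^>]*\son[a-z]+\s*=/i.test(decoded)           // any on* handler
    || /<[a-z][^>]*=\s*["']?\s*javascript:/i.test(decoded); // javascript: URL
}

// Constructed payloads in the style of the XSS Cheat Sheet.
const payloads = {
  plainScript:   "<script>alert(1)</script>",                 // on the list
  listedEvent:   "<img src=x onerror=alert(1)>",              // on the list
  nestedTag:     "<scr<script>ipt>alert(1)</scr<script>ipt>", // non-recursive removal
  unlistedEvent: "<svg onmouseover=alert(1)>",                // handler not on the list
  encodedScheme: '<a href="java&#09;script:alert(1)">x</a>',  // entity breaks the literal match
};

// Run every payload through a filter and report which ones still carry
// active content. Returns an object keyed by payload name.
function evaluate(filter) {
  const result = {};
  for (const [name, p] of Object.entries(payloads)) {
    result[name] = survivesAsActiveContent(filter(p));
  }
  return result;
}

console.log("denylist:", evaluate(denylistFilter));
console.log("encoding:", evaluate(htmlEncode));
```

The two payloads the denylist was written against are neutralised; the three variants it did not anticipate pass through untouched, and the nested-tag case is reassembled into exactly the string the filter set out to remove. The encoder leaves nothing for the parser to act on regardless of payload, because it never needs to know which inputs are dangerous.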