Common Weakness Enumeration

A Community-Developed Dictionary of Software Weakness Types

Common Weakness Scoring System
Common Weakness Risk Analysis Framework
Home > CWE List > CWE- Individual Dictionary Definition (2.9)  

Presentation Filter:

CWE-725: OWASP Top Ten 2004 Category A4 - Cross-Site Scripting (XSS) Flaws

OWASP Top Ten 2004 Category A4 - Cross-Site Scripting (XSS) Flaws
Category ID: 725 (Category)Status: Incomplete
+ Description

Description Summary

Weaknesses in this category are related to the A4 category in the OWASP Top Ten 2004.
+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ParentOfWeakness BaseWeakness Base79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Weaknesses in OWASP Top Ten (2004) (primary)711
ParentOfWeakness VariantWeakness Variant644Improper Neutralization of HTTP Headers for Scripting Syntax
Weaknesses in OWASP Top Ten (2004) (primary)711
MemberOfViewView711Weaknesses in OWASP Top Ten (2004)
Weaknesses in OWASP Top Ten (2004) (primary)711
+ References
OWASP. "A4 Cross-Site Scripting (XSS) Flaws". 2007. <>.
+ Content History
Submission DateSubmitterOrganizationSource
2008-08-15VeracodeExternal Submission
Suggested creation of view and provided mappings
Modification DateModifierOrganizationSource
2009-03-10CWE Content TeamMITREInternal
updated Relationships
Page Last Updated: December 08, 2015