Description
Cross-Site Scripting (XSS) attacks occur when malicious scripts are injected into trusted websites, often through user inputs, and executed in the browsers of other users. These attacks exploit vulnerabilities in web applications that fail to properly validate or encode user input, allowing attackers to steal sensitive information, hijack user sessions, deface websites, and more.
Recommendation
Update or remove the affected module.
References
- Drupal
- OWASP: Cross Site Scripting (XSS)
- OWASP: XSS Prevention Cheat Sheet
- OWASP: ESAPI project
- CWE-20
- CWE-79
- CAPEC-63
- CAPEC-310
- OWASP 2021-A3
- OWASP 2021-A6
Related Issues
- Cross Site Scripting - Vulnerability
- WordPress Akal Theme Cross Site Scripting - CVE-2016-10957
- Cross-Site Scripting (XSS) via Select Schema Option Value Injection in @pdfme/schemas - Vulnerability
- Apache Expect Header Cross Site Scripting - CVE-2006-3918
Tags
- Drupal
- XSS
- Reflected-XSS
- Injection
Last updated on May 13, 2024


