CWE-80
Overview
- CWE ID
- 80
- CWE Name
- Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
- CWE Abstraction
- Variant
- CWE structure
- Simple
- CWE Status
- Incomplete
Description
The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component tha
Extended Description
This may allow such characters to be treated as control characters, which are executed client-side in the context of the user's session. Although this can be classified as an injection problem, the more pertinent issue is the improper conversion of such s
Related CWEs
| CWE ID | View ID | Nature | Ordinal |
|---|---|---|---|
| 79 | 1000 | ChildOf | Primary |