Threat P.A.HuDFrXSS.6

URI: P.A.HuDFrXSS.6

Description: Service Service disabled to prevent XSS attack on Client via its input Data from FlowsFrom: if service Service is disabled by HostManager to prevent XSS attacks using malicious content injected via Data from FlowsFrom, this will make the service unavailable.

Threat Type: Primary Threat

Matching Pattern:

MP-HuDFrXSS

Finds human using a web browser that uses a service with a host and a host manager, where the browser receives from another process (not the service) data not created by either the browser or its user, plus the client channel between the browser and the service which must go via an IP subnet, and optionally the service manager.

(empty)

SC.A.CCCmSCS.0

Client Client cannot access unavailable service Service: loss of availability in the service Service makes the connection from Client unavailable on all channels.

CSG-SuspendServiceVulnerableToXSS-Trigger

LossOfAvailability at Role_Service

(empty)

Threat P.A.HuDFrXSS.6

MP-HuDFrXSS

Triggered by Threat (0)

Triggers Secondary Threats (1)

SC.A.CCCmSCS.0

Triggered By Control Strategy (1)

Misbehaviour Sets (1)

Control Strategies (0)