Trustworthiness Attribute Extrinsic-XS-TW

URI: Extrinsic-XS-TW

Package: VulnerabilityCVSS

< prev

Description: Free of software vulnerabilities that allow injection of malicious scripts into a client process.

This attribute is undermined by the misbehaviour LossOfExtrinsic-XS-TW

Process

Represents a process (usually implemented by software running on a Host) that can read, update or create data, or exchange data with other processes.

Extrinsic-XS-TW
CC.AuC.DFrXSS.3

Reflected XSS exploit on Client via Service injected via client input Data from FlowsFrom: an attacker who can inject malicious content into input Data flowing to Client from FlowsFrom can exploit a bug in Service to send a harmful script to the client browser. We assume this will make the browser leak authentication credentials, such as a password or session key.
Extrinsic-XS-TW
CC.AuC.DFsXSS.3

Stored XSS exploit against Client by Service injected via input Data from FlowsFrom: an attacker who can inject malicious content into input Data flowing to Service from FlowsFrom can exploit a bug in Service, and send a harmful script to a trusting client browser Client. We assume this will make the browser leak authentication credentials, such as a password or session key.
Extrinsic-XS-TW
CC.AuC.DSrXSS.3

Reflected XSS exploit on Client from Service injected via locally stored client input Data: an attacker who can inject malicious content into locally stored input Data used by Client can exploit a bug in Service and send a harmful script to the client browser. We assume this will make the browser leak authentication credentials, such as a password or session key.
Extrinsic-XS-TW
CC.AuC.DSsXSS.3

Stored XSS exploit from Service against Client: an attacker who can inject malicious content into service input Data stored on SHost can exploit a bug in Service, and send a harmful script to a trusting client browser Client. We assume this will make the browser leak authentication credentials, such as a password or session key.
Extrinsic-XS-TW
P.A.HuDFrXSS.6

Service Service disabled to prevent XSS attack on Client via its input Data from FlowsFrom: if service Service is disabled by HostManager to prevent XSS attacks using malicious content injected via Data from FlowsFrom, this will make the service unavailable.
Extrinsic-XS-TW
P.A.HuDFsXSS.6

Service Service disabled to prevent XSS attack on Client injected via input Data from FlowsFrom: if service Service is disabled to prevent XSS attacks on Client injected via input Data from FlowsFrom, then Service will be unavailable.
Extrinsic-XS-TW
P.A.HuDSrXSS.6

Service Service disabled to prevent XSS attack on Client via its input Data: if service Service is disabled to prevent XSS attacks using malicious content injected via locally stored inpuut Data, this will make the service unavailable.
Extrinsic-XS-TW
P.A.HuDSsXSS.6

Service Service disabled to prevent XSS attack on Client injected via local input Data: if service Service is disabled to prevent XSS attacks on Client injected via input Data, then Service will be unavailable.