Scope | Impact | Likelihood |
---|---|---|
Confidentiality | Read Application Data. Note: An attacker may be able to read sensitive data. | |
Availability | DoS: Crash, Exit, or Restart. Note: An attacker may be able to cause a denial of service. | |
Access Control | Gain Privileges or Assume Identity. Note: An attacker may be able to gain privileges. | |

CAPEC-ID | Attack Pattern Name |
---|---|
CAPEC-209 | XSS Using MIME Type Mismatch: An adversary creates a file with scripting content but where the specified MIME type of the file is such that scripting is not expected. The adversary tricks the victim into accessing a URL that responds with the script file. Some browsers will detect that the specified MIME type of the file does not match the actual type of its content and will automatically switch to using an interpreter for the real content type. If the browser does not invoke script filters before doing this, the adversary's script may run on the target unsanitized, possibly revealing the victim's cookies or executing arbitrary script in their browser. |

Name | Organization | Date | Date Release | Version |
---|---|---|---|---|
Evgeny Lebanidze | Cigital | | | Draft 8 |

Name | Organization | Date | Comment |
---|---|---|---|
CWE Content Team | MITRE | | updated Common_Consequences, Relationships, Observed_Example |
CWE Content Team | MITRE | | Significant clarification of the weakness description. |
CWE Content Team | MITRE | | updated Description, Name, Observed_Examples, Relationships |
CWE Content Team | MITRE | | updated Related_Attack_Patterns |
CWE Content Team | MITRE | | updated Common_Consequences |
CWE Content Team | MITRE | | updated Applicable_Platforms, Common_Consequences |
CWE Content Team | MITRE | | updated Common_Consequences, Description |
CWE Content Team | MITRE | | updated Common_Consequences |
CWE Content Team | MITRE | | updated Relationships |
CWE Content Team | MITRE | | updated Potential_Mitigations |
CWE Content Team | MITRE | | updated Relationships |
CWE Content Team | MITRE | | updated Enabling_Factors_for_Exploitation |
CWE Content Team | MITRE | | updated Applicable_Platforms, Relationships |
CWE Content Team | MITRE | | updated Relationships |
CWE Content Team | MITRE | | updated Description |
CWE Content Team | MITRE | | updated Relationships |
CWE Content Team | MITRE | | updated Description, Mapping_Notes |