| 40012 | Cross Site Scripting (Reflected) | release | High | Active |
| 40014-1 | Cross Site Scripting (Persistent) | release | High | Active |
| 40014-2 | Cross Site Scripting Weakness (Persistent in JSON Response) | release | Low | Active |
| 40014-3 | Cross Site Scripting (Persistent) | release | High | Active |
| 40026 | Cross Site Scripting (DOM Based) | release | High | Active |
| 40101 | Cross-site Scripting | alpha | High | Tool |
| 40102 | Cross-site Scripting | alpha | High | Tool |
| 100014 | Reflected HTTP GET Parameter(s) | alpha | Informational | Script Passive |
| 200002-1 | XSS - Unfiltered <script> tag | alpha | High | Tool |
| 200002-2 | XSS - Script tag after noscript tag | alpha | High | Tool |
| 200002-3 | XSS - Svg tag with animation event | alpha | High | Tool |
| 200002-4 | XSS - Img onerror | alpha | High | Tool |
| 200002-5 | XSS - Img onerror | alpha | High | Tool |
| 200002-6 | XSS - attribute context img onerror | alpha | High | Tool |
| 200002-7 | XSS - SVG onload polyglot | alpha | High | Tool |
| 200002-8 | XSS - JS string break-out | alpha | High | Tool |
| 200002-9 | XSS - JS template literal break-out | alpha | High | Tool |
| 200002-10 | XSS - JS expression replacement | alpha | High | Tool |
| 200002-11 | XSS - JS single-quoted string break-out | alpha | High | Tool |
| 200002-12 | XSS - JS slash/regex literal break-out | alpha | High | Tool |
| 200002-13 | XSS - JS block comment break-out | alpha | High | Tool |
| 200002-14 | XSS - double-quoted attribute event injection | alpha | High | Tool |
| 200002-15 | XSS - single-quoted attribute event injection | alpha | High | Tool |
| 200002-16 | XSS - unquoted attribute event injection | alpha | High | Tool |
| 200002-17 | XSS - attribute-name event injection | alpha | High | Tool |
| 200002-18 | XSS - tag-name SVG onload injection | alpha | High | Tool |
| 200007 | SPA hash DOM XSS | alpha | High | Tool |
| 210000-1 | DOM XSS via inline event handler | alpha | High | Tool |
| 210000-2 | DOM XSS via Element.innerHTML | alpha | High | Tool |
| 210000-3 | DOM XSS via Element.outerHTML | alpha | High | Tool |
| 210000-4 | DOM XSS via insertAdjacentHTML | alpha | High | Tool |
| 210000-5 | DOM XSS via document.write | alpha | High | Tool |
| 210000-6 | DOM XSS via DOM mutations | alpha | High | Tool |
| 210003-1 | javascript: URL assigned to href | alpha | High | Tool |
| 210003-2 | javascript: URL navigated via location.href | alpha | High | Tool |
| 210003-3 | javascript: URL assigned to iframe.src | alpha | High | Tool |
| 210003-4 | data: URL assigned to script.src | alpha | High | Tool |
| 210006-1 | javascript: URL assigned to form action | alpha | High | Tool |
| 210006-2 | javascript: URL assigned to formAction | alpha | High | Tool |
| 210007-1 | Response field rendered via innerHTML | alpha | High | Tool |
| 210007-2 | Response field rendered via document.write | alpha | High | Tool |
| 220000-1 | Disallow innerHTML/outerHTML assignments | alpha | High | Tool |
| 220000-2 | Review uses of appendChild | alpha | High | Tool |
| 220000-3 | Disallow document.write()/writeln() | alpha | High | Tool |
| 220000-4 | Review DOMParser.parseFromString with dynamic HTML/XML | alpha | High | Tool |
| 220000-5 | template.innerHTML with dynamic content | alpha | High | Tool |
| 220000-6 | Inline event handler built from dynamic data | alpha | High | Tool |
| 220000-7 | Disallow insertAdjacentHTML() | alpha | High | Tool |
| 220000-8 | DOM-based XSS (taint flow) | alpha | High | Tool |
| 220000-9 | DOM XSS via innerHTML (Angular) | alpha | High | Tool |