CWE-85 2 個 CVE MITRE 定義 ↗

CWE-85:Doubled Character XSS Manipulations

概覽

CWE-85(Doubled Character XSS Manipulations)描述一種在漏洞資料庫與安全評估中使用的弱點類型;定義、背景與對應 CVE 見下方各節。

安全影響
安全影響:因產品與情境而異;請結合 CVE 紀錄、嚴重度評分與 MITRE 說明進行優先級判斷。

描述

The web application does not filter user-controlled input for executable script disguised using doubling of the involved characters.

適用平台

類型 名稱 普遍性 OS / CPE
language Not Language-Specific Undetermined
technology Web Based Undetermined
technology Web Server Undetermined

本庫相關 CVE

下列 CVE 在本庫中對應到該弱點,並保留以便追溯與檢索。

CVE 公開時間 摘要
CVE-2024-13721 2025-01-25 The Plethora Plugins Tabs + Accordions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the anchor parameter in all versions up to, and including, 1.1.8 due to insufficient input …
CVE-2022-41676 2022-11-28 Raiden MAILD Mail Server website mail field has insufficient filtering for user input. A remote attacker with general user privilege can send email using the website with malicious JavaScript in the i…

內容提交

名稱
PLOVER
日期
2006-07-19
版本
Draft 3

內容修訂

日期 名稱 版本 重要性 評論
2008-07-01 Eric Dalci 1.0 updated Time_of_Introduction
2008-09-08 CWE Content Team 1.0 updated Relationships, Taxonomy_Mappings, Weakness_Ordinalities
2010-04-05 CWE Content Team 1.8.1 updated Related_Attack_Patterns
2010-06-21 CWE Content Team 1.9 updated Potential_Mitigations
2010-12-13 CWE Content Team 1.11 updated Description
2011-03-29 CWE Content Team 1.12 updated Potential_Mitigations
2011-06-01 CWE Content Team 1.13 updated Common_Consequences
2012-05-11 CWE Content Team 2.2 updated Related_Attack_Patterns, Relationships
2012-10-30 CWE Content Team 2.3 updated Potential_Mitigations
2014-07-30 CWE Content Team 2.8 updated Relationships, Taxonomy_Mappings
2017-05-03 CWE Content Team 2.11 updated Potential_Mitigations, Related_Attack_Patterns
2017-11-08 CWE Content Team 3.0 updated Applicable_Platforms, Causal_Nature
2020-02-24 CWE Content Team 4.0 updated Relationships
2020-06-25 CWE Content Team 4.1 updated Potential_Mitigations
2023-04-27 CWE Content Team 4.11 updated Relationships
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2025-12-11 CWE Content Team 4.19 updated Applicable_Platforms
cvelogic Threat Intelligence