CWE-82: Improper Neutralization of Script in Attributes of IMG Tags in a Web Page
CWE Version: 4.18
Updated: 2025-09-09
Weakness Description
The web application does not neutralize or incorrectly neutralizes scripting elements within attributes of HTML IMG tags, such as the src attribute.
Extended Description
Attackers can embed XSS payloads in the values of IMG attributes (e.g. SRC) that are then streamed to and executed in a victim's browser. Because an IMG element is processed as soon as the page is parsed, the payload executes automatically when the page loads, without any interaction from the user.
Common Consequences
Scope: Confidentiality, Integrity, Availability
Technical Impact: Read Application Data; Execute Unauthorized Code or Commands
Potential Mitigations
Phase: Implementation
Strategy: Output Encoding
Phase: Implementation
Strategy: Attack Surface Reduction
Description: To help mitigate XSS attacks against the user's session cookie, set the session cookie to be HttpOnly. This attribute prevents the user's session cookie from being accessible to malicious client-side scripts that read document.cookie. All current mainstream browsers honor HttpOnly, and they also treat Set-Cookie as a forbidden response header that XMLHttpRequest and fetch cannot read, which closes the header-reading bypass that older browsers allowed. It is still not a complete solution: a script that already runs in the victim's page can issue requests that carry the session cookie automatically, so HttpOnly limits cookie theft, not abuse of the live session.
Effectiveness: Defense in Depth
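The following is an added example, not code from MITRE or from any of the guestbook products cited below. It shows the vulnerable pattern in a bbcode-style [img] renderer next to a hardened version that applies the Output Encoding strategy: the URL is decoded the way a browser would decode it, checked against an allowlist of schemes, and then encoded for the attribute context. The tag name, function names and the "blocked" placeholder are assumptions for illustration.

```javascript
// Added example (not from the CWE page or any referenced product): a hypothetical
// bbcode [img]...[/img] renderer, vulnerable form beside hardened form.

// Vulnerable: the user-supplied URL is interpolated straight into the src attribute,
// so "[img]javascript:alert(1)[/img]" becomes <img src="javascript:alert(1)">.
function renderImgVulnerable(bbcode) {
  return bbcode.replace(/\[img\](.*?)\[\/img\]/gi, (_m, url) => `<img src="${url}">`);
}

// Browsers decode character references inside attribute values before parsing the URL,
// so "&#106;avascript:" or "&#x6A;avascript&colon;" is still a javascript: URL.
// The scheme check therefore has to run on the decoded string.
function decodeHtmlEntities(s) {
  const fromCodePoint = (cp) => (cp > 0x10ffff ? '\uFFFD' : String.fromCodePoint(cp));
  return s
    .replace(/&#x([0-9a-f]+);?/gi, (_m, hex) => fromCodePoint(parseInt(hex, 16)))
    .replace(/&#(\d+);?/g, (_m, dec) => fromCodePoint(parseInt(dec, 10)))
    .replace(/&colon;/gi, ':')
    .replace(/&tab;/gi, '\t')
    .replace(/&newline;/gi, '\n');
}

// Allowlist of schemes an <img src> may use. Everything else (javascript:, data:,
// vbscript:, unknown) is refused; denylisting the bad schemes is the classic mistake.
const ALLOWED_SCHEMES = new Set(['http:', 'https:']);

// Returns a normalized absolute http(s) URL, or null if the value must not be rendered.
function safeImageUrl(raw) {
  const decoded = decodeHtmlEntities(raw);
  // URL parsers strip ASCII tab, LF and CR anywhere in the input and leading/trailing
  // controls and spaces, which is why "java\tscript:" and "  javascript:" still execute.
  // Strip them explicitly so the check does not depend on parser behaviour.
  const cleaned = decoded.replace(/[\t\n\r]/g, '').replace(/^[\x00-\x20]+|[\x00-\x20]+$/g, '');
  let parsed;
  try {
    parsed = new URL(cleaned); // WHATWG parser; absolute URLs only
  } catch {
    return null; // relative or malformed: refuse rather than guess
  }
  if (!ALLOWED_SCHEMES.has(parsed.protocol)) return null;
  return parsed.href;
}

// Output encoding for the HTML attribute context, so a value can never close the
// quoted attribute and start a new one (e.g. " onerror=alert(1)).
function encodeForHtmlAttribute(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened: allowlisted scheme, normalized URL, attribute-encoded output.
function renderImgHardened(bbcode) {
  return bbcode.replace(/\[img\](.*?)\[\/img\]/gi, (_m, url) => {
    const safe = safeImageUrl(url);
    if (safe === null) return '[img: blocked]';
    return `<img src="${encodeForHtmlAttribute(safe)}" alt="">`;
  });
}

module.exports = { renderImgVulnerable, renderImgHardened, safeImageUrl, encodeForHtmlAttribute };
```

The hardened renderer refuses relative URLs because new URL() has no base here; a real application would resolve them against its own origin before the scheme check rather than relax the allowlist. The attribute encoding is kept even though the WHATWG serializer already percent-encodes `"` in the query, since the two steps defend against different contexts and neither should rely on the other.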
Observed Examples
Reference: CVE-2006-3211
Stored XSS in a guestbook application using a javascript: URI in a bbcode img tag.
Reference: CVE-2002-1649
javascript URI scheme in IMG tag.
Reference: CVE-2002-1803
javascript URI scheme in IMG tag.
Reference: CVE-2002-1804
javascript URI scheme in IMG tag.
Reference: CVE-2002-1805
javascript URI scheme in IMG tag.
Reference: CVE-2002-1806
javascript URI scheme in IMG tag.
Reference: CVE-2002-1807
javascript URI scheme in IMG tag.
Reference: CVE-2002-1808
javascript URI scheme in IMG tag.
Modes of Introduction
| Phase | Note |
|---|---|
| Implementation | - |
Applicable Platforms
Languages
Taxonomy Mappings
| Taxonomy Name | Node ID | Node Name | Mapping Fit |
|---|---|---|---|
| PLOVER | - | Script in IMG tags | - |
| Software Fault Patterns | SFP24 | Tainted input to command | - |