V-222602
Application Security and Development Security Technical Implementation Guide
Title
The application must protect from Cross-Site Scripting (XSS) vulnerabilities.
Description
<VulnDiscussion>XSS attacks are essentially code injection attacks against the various language interpreters contained within the browser. XSS can be executed via HTML, JavaScript, VBScript, ActiveX; essentially any scripting language a browser is capable of processing. XSS vulnerabilities are created when a website does not properly sanitize, escape, or encode user input. For example, "&lt;" is the HTML encoding for the "<" character. If the encoding is performed, the script code will not exec...
Fix Text (Documentation Requirement)
Verify user input is validated and encode or escape user input to prevent embedded script code from executing. Develop your application using a web template system or a web application development framework that provides auto escaping features rather than building your own escape logic.
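The following added example (not part of the STIG text) contrasts the vulnerable concatenation pattern with the encode-on-output approach the Fix Text describes. The `escapeHtml`, `html`, `renderCommentUnsafe` and `renderComment` names are hypothetical; a real application would take the auto-escaping template from its framework rather than reimplementing it as done here.

```javascript
// Added example, not from the STIG. Shows why "<" must leave the server as
// "&lt;" when untrusted input is placed into HTML, and how an auto-escaping
// template makes that the default rather than something each developer must
// remember. Helper names are hypothetical.

// The five characters that change meaning in HTML text and attribute contexts.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Encode untrusted text for insertion into an element body or a double-quoted
// attribute value. A single regex pass handles '&' together with the others,
// so an input that already looks like an entity ("&lt;") is encoded too
// ("&amp;lt;") instead of being passed through as live markup.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Tagged template: the literal parts are markup written by the developer and
// are trusted; every interpolated value is treated as untrusted and encoded.
// This is the auto-escaping behaviour a template system provides.
function html(strings, ...values) {
  return strings.reduce(
    (out, literal, i) =>
      out + literal + (i < values.length ? escapeHtml(values[i]) : ''),
    '',
  );
}

// Vulnerable pattern: user-controlled strings concatenated straight into markup.
function renderCommentUnsafe(author, body) {
  return '<p class="comment"><b>' + author + '</b>: ' + body + '</p>';
}

// Hardened pattern: identical output shape, every dynamic value encoded.
function renderComment(author, body) {
  return html`<p class="comment"><b>${author}</b>: ${body}</p>`;
}

// Constructed sample input: a comment body containing script markup and quotes.
const SAMPLE_BODY = '<script>alert("xss")</script>';

console.log(renderCommentUnsafe('guest', SAMPLE_BODY)); // script tag survives
console.log(renderComment('guest', SAMPLE_BODY));       // rendered as inert text
```

A review check that follows from this: grep the codebase for string concatenation or `innerHTML` assignments that build markup from request data, and confirm each one goes through the framework's escaping path instead.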