CWE-149 : Improper Neutralization of Quoting Syntax

Quotes injected into a product can be used to compromise a system. As data are parsed, an injected/absent/duplicate/malformed use of quotes may cause the process to take unexpected actions.

Created: 2006-07-19 Updated: 2023-06-29 Source: https://cwe.mitre.org/data/definitions/149.html
Vulnerabilities related to CWE-149

Related CAPEC definitions

An attacker makes use of Cascading Style Sheets (CSS) injection to steal data cross domain from the victim's browser. The attack works by abusing the standards relating to loading of CSS: 1. Send cookies on any load of CSS (including cross-domain) 2. When parsing returned CSS ignore all data that does not make sense before a valid CSS descriptor is found by the CSS parser.
Please note that CWE definitions are provided as a quick reference only. Visit http://cwe.mitre.org/ for a complete list of CWE entries and for more details.
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close