Cyber Resilience


CWE-83: Improper Neutralization of Script in Attributes in a Web Page

Abstraction: Variant · CVEs in our corpus: 23

The product does not neutralize or incorrectly neutralizes "javascript:" or other URIs from dangerous attributes within tags, such as onmouseover, onload, onerror, or style.

Last updated: 04 July 2026 00:28 UTC

Cumulative inbound coverage

How completely the frameworks we cross-walk collectively cover this — the verdict is the strongest single mapping (overlapping partials are not summed); breadth shows the corroboration behind it.

Collective: full · 6 mapping(s) from 4 framework(s): CAPEC 2 (partial) · ATT&CK 2 (partial) · OWASP-Web 1 (full) · ASVS 5.0 1 (mostly)


OWASP Top 10 for Web (2025)

This weakness contributes to A05:2025 Injection.

NIST 800-53 r5 controls that address this weakness (0) · AI

Control Title Family Why it addresses this CWE
No NIST controls proposed yet.

MITRE ATT&CK techniques this weakness enables

Our own two-way CWE↔ATT&CK cross-walk — a direct mapping with no public source (the CWE→CAPEC→ATT&CK chain leaves most top weaknesses, incl. XSS and SQLi, mapped to nothing). Drafted by Grok and spot-checked by Claude Opus 4.8.

Direction: other covers this; this covers other (F/M/P = full / mostly / partial).

Top CVEs of this weakness type, ranked by Risk Priority

CVE | Risk | CVSS | EPSS | Published
CVE-2023-32070 | 7.0 | 9.0 | 0.0065 | 2023-05-10
CVE-2023-37908 | 7.0 | 9.0 | 0.0106 | 2023-10-25
CVE-2025-58746 | 7.0 | 9.0 | 0.0029 | 2025-09-08
CVE-2024-26283 (UPD) | 5.5 | 7.8 | 0.0028 | 2024-02-22
CVE-2024-52595 | 5.5 | 7.7 | 0.0047 | 2024-11-19
CVE-2025-4615 | 5.5 | 7.2 | 0.0072 | 2025-10-09
CVE-2026-58263 | 5.5 | 7.2 | 0.0018 | 2026-07-01
CVE-2022-39262 | 3.5 | 5.2 | 0.0063 | 2022-11-03
CVE-2023-30958 | 3.5 | 4.7 | 0.0035 | 2023-08-03
CVE-2024-9103 | 3.5 | 6.1 | 0.0022 | 2025-03-24
CVE-2025-67163 | 3.5 | 6.1 | 0.0021 | 2025-12-18
CVE-2026-22849 | 3.5 | 4.8 | 0.0020 | 2026-01-21
CVE-2026-23516 | 3.5 | 5.4 | 0.0014 | 2026-01-21
CVE-2026-8245 (UPD) | 3.5 | 5.4 | 0.0014 | 2026-05-21
CVE-2026-45669 | 3.5 | 5.4 | 0.0016 | 2026-06-12
CVE-2026-53722 | 3.5 | 5.4 | 0.0020 | 2026-06-12
CVE-2026-53841 | 3.5 | 6.1 | 0.0019 | 2026-06-16
CVE-2020-14525 | 1.5 | 3.5 | 0.0044 | 2020-09-18
CVE-2025-27145 | 1.5 | 3.6 | 0.0043 | 2025-02-25