| CAPEC | Related Weakness |
| XSS Through HTTP Headers |
| CWE-80 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) |
|
| XSS Targeting Non-Script Elements |
| CWE-80 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) |
|
| PHP Remote File Inclusion |
| CWE-80 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) |
| CWE-98 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') |
| CWE-714 | OWASP Top Ten 2007 Category A3 - Malicious File Execution |
|
| XSS Through HTTP Query Strings |
| CWE-80 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) |
|
