StackHawk Documentation

User Controllable Charset

Reference
Plugin ID: 10030
CWE: 20
WASC: 20
Unknown / Passive / Injection

Remediation

  1. Force UTF-8 encoding: Always explicitly set UTF-8 encoding for all responses and never allow user input to influence charset declarations.
  2. Server-side charset control: Ensure charset declarations are controlled entirely by the server application, not user input.
  3. Input validation: Validate and sanitize any user input that might affect Content-Type headers.
  4. Framework configuration: Configure your web framework to automatically handle charset declarations securely.

About

User Controllable Charset vulnerabilities occur when user input can influence Content-Type headers or HTML meta tag charset declarations. This can allow attackers to manipulate how browsers interpret the content, potentially leading to character set confusion attacks and cross-site scripting.
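The remediation steps above and the mechanism described in this section, worked through as an added example (this is not StackHawk's or ZAP's code): a "before" handler that echoes a request parameter into the Content-Type charset, the hardened form that always emits UTF-8 and an allowlist check for any input permitted near Content-Type, and a small passive check in the spirit of this plugin that flags a response whose declared charset (header or `<meta>`) equals a request parameter value. The function names, the allowlist and the sample request and response are constructed assumptions.

```python
import re
from typing import Dict, List, Mapping, Optional, Tuple

# Added example, not StackHawk's or ZAP's own code. Function names, the
# allowlist and the sample request/response below are constructed.

# charset=value inside a Content-Type header value
_CHARSET_IN_HEADER = re.compile(r"charset\s*=\s*\"?([A-Za-z0-9._:-]+)", re.IGNORECASE)
# charset=value inside any <meta ...> tag (both <meta charset=...> and http-equiv forms)
_CHARSET_IN_META = re.compile(r"<meta[^>]*charset\s*=\s*[\"']?([A-Za-z0-9._:-]+)", re.IGNORECASE)

# Only charsets the server is willing to emit; user input never widens this.
ALLOWED_CHARSETS = {"utf-8"}


def build_content_type_vulnerable(charset_param: str) -> str:
    """'Before': a request parameter flows straight into the Content-Type header."""
    return f"text/html; charset={charset_param}"


def build_content_type_hardened(_charset_param: Optional[str] = None) -> str:
    """'After': the server controls the charset; the request value is ignored."""
    return "text/html; charset=utf-8"


def is_allowed_charset(value: str) -> bool:
    """Allowlist validation for any input that could touch a Content-Type header."""
    return value.strip().lower() in ALLOWED_CHARSETS


def declared_charsets(headers: Mapping[str, str], body: str) -> List[Tuple[str, str]]:
    """Collect (location, charset) pairs the response declares, header first."""
    found: List[Tuple[str, str]] = []
    for name, value in headers.items():
        if name.lower() == "content-type":
            m = _CHARSET_IN_HEADER.search(value)
            if m:
                found.append(("header", m.group(1)))
    for m in _CHARSET_IN_META.finditer(body):
        found.append(("meta", m.group(1)))
    return found


def find_user_controlled_charset(
    params: Mapping[str, str], headers: Mapping[str, str], body: str
) -> List[Tuple[str, str, str]]:
    """Passive check: report each request parameter whose value equals a charset
    the response declares, as (parameter, location, charset)."""
    hits: List[Tuple[str, str, str]] = []
    for location, charset in declared_charsets(headers, body):
        for pname, pvalue in params.items():
            if pvalue.strip().lower() == charset.lower():
                hits.append((pname, location, charset))
    return hits


if __name__ == "__main__":
    # Constructed request: the "cs" parameter carries a charset name.
    request_params: Dict[str, str] = {"cs": "ISO-8859-1", "page": "1"}

    # Vulnerable response: header and meta tag both echo the parameter.
    vuln_headers = {"Content-Type": build_content_type_vulnerable(request_params["cs"])}
    vuln_body = '<html><head><meta charset="ISO-8859-1"></head><body></body></html>'
    print("vulnerable:", find_user_controlled_charset(request_params, vuln_headers, vuln_body))

    # Hardened response: UTF-8 regardless of input, so nothing is flagged.
    safe_headers = {"Content-Type": build_content_type_hardened(request_params["cs"])}
    safe_body = '<html><head><meta charset="utf-8"></head><body></body></html>'
    print("hardened:", find_user_controlled_charset(request_params, safe_headers, safe_body))
```

The check compares parameter values to the declared charset case-insensitively because browsers treat charset names that way; the hardened builder takes the parameter only to show that it is deliberately discarded, which is the point of the "server-side charset control" step.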

Risks

High: Charset manipulation can enable sophisticated XSS attacks, content injection, character encoding attacks, and browser security bypass techniques that may not be detected by standard security filters.
