Image Injection

  • CWE 601
  • WASC 38
  • PCI 3.2-6.5.1
  • OWASP 2017-A1

An attacker can control the src attribute of an HTML img tag. This may allow JavaScript execution and lead to a Cross-site Scripting (XSS) vulnerability.

If an XSS vulnerability also exists at the same injection point, it will be reported separately.
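
One way to keep a user-supplied value from controlling the src attribute, shown as an added example that is not part of the original page: parse the value as a URL, accept only https on allowlisted hosts, and escape it before writing the tag. The host names, function names and sample values are assumptions constructed for illustration.

```javascript
// Hypothetical allowlist of hosts this application serves images from (constructed).
const ALLOWED_HOSTS = new Set(["img.example.com", "cdn.example.com"]);

// Returns a normalized https URL on an allowlisted host, or null if the value is rejected.
function safeImageSrc(value, base = "https://img.example.com/") {
  if (typeof value !== "string") return null;
  let url;
  try {
    // The WHATWG URL parser strips leading/trailing whitespace and embedded
    // tabs/newlines, so the checks below see the scheme a browser would see.
    url = new URL(value, base);
  } catch {
    return null; // unparseable input
  }
  if (url.protocol !== "https:") return null;        // rejects javascript:, data:, http:, ...
  if (url.username || url.password) return null;     // rejects user@host confusion
  if (!ALLOWED_HOSTS.has(url.hostname)) return null; // rejects hosts outside the allowlist
  return url.href;
}

// Escapes characters that could terminate or alter a quoted HTML attribute.
function escapeAttr(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Builds the img tag; rejected values fall back to a fixed placeholder image.
function renderImage(value, fallback = "https://img.example.com/placeholder.png") {
  const src = safeImageSrc(value) ?? fallback;
  return `<img src="${escapeAttr(src)}" alt="">`;
}
```

Relative paths are resolved against the base, so protocol-relative values such as //other.example.net/x.png are checked against the allowlist like any absolute URL.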