| CAPEC | Related Weakness |
| Blind SQL Injection |
| CWE-20 | Improper Input Validation |
| CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
| CWE-89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
| CWE-209 | Generation of Error Message Containing Sensitive Information |
| CWE-697 | Incorrect Comparison |
| CWE-707 | Improper Neutralization |
| CWE-713 | OWASP Top Ten 2007 Category A2 - Injection Flaws |
|
| Overflow Variables and Tags |
| CWE-20 | Improper Input Validation |
| CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
| CWE-118 | Incorrect Access of Indexable Resource ('Range Error') |
| CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer |
| CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') |
| CWE-680 | Integer Overflow to Buffer Overflow |
| CWE-697 | Incorrect Comparison |
| CWE-733 | Compiler Optimization Removal or Modification of Security-critical Code |
|
| Postfix, Null Terminate, and Backslash |
| CWE-20 | Improper Input Validation |
| CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
| CWE-158 | Improper Neutralization of Null Byte or NUL Character |
| CWE-171 | DEPRECATED: Cleansing, Canonicalization, and Comparison Errors |
| CWE-172 | Encoding Error |
| CWE-173 | Improper Handling of Alternate Encoding |
| CWE-697 | Incorrect Comparison |
| CWE-707 | Improper Neutralization |
|
| Web Logs Tampering |
| CWE-20 | Improper Input Validation |
| CWE-75 | Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) |
| CWE-93 | Improper Neutralization of CRLF Sequences ('CRLF Injection') |
| CWE-96 | Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') |
| CWE-116 | Improper Encoding or Escaping of Output |
| CWE-117 | Improper Output Neutralization for Logs |
| CWE-150 | Improper Neutralization of Escape, Meta, or Control Sequences |
| CWE-221 | Information Loss or Omission |
| CWE-276 | Incorrect Default Permissions |
| CWE-279 | Incorrect Execution-Assigned Permissions |
| CWE-713 | OWASP Top Ten 2007 Category A2 - Injection Flaws |
|
| Signature Spoof |
| CWE-20 | Improper Input Validation |
| CWE-290 | Authentication Bypass by Spoofing |
| CWE-327 | Use of a Broken or Risky Cryptographic Algorithm |
|
| Using Unicode Encoding to Bypass Validation Logic |
| CWE-20 | Improper Input Validation |
| CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
| CWE-171 | DEPRECATED: Cleansing, Canonicalization, and Comparison Errors |
| CWE-172 | Encoding Error |
| CWE-173 | Improper Handling of Alternate Encoding |
| CWE-176 | Improper Handling of Unicode Encoding |
| CWE-179 | Incorrect Behavior Order: Early Validation |
| CWE-180 | Incorrect Behavior Order: Validate Before Canonicalize |
| CWE-183 | Permissive List of Allowed Inputs |
| CWE-184 | Incomplete List of Disallowed Inputs |
| CWE-692 | Incomplete Denylist to Cross-Site Scripting |
| CWE-697 | Incorrect Comparison |
|
| OS Command Injection |
| CWE-20 | Improper Input Validation |
| CWE-78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
| CWE-88 | Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') |
| CWE-697 | Incorrect Comparison |
| CWE-713 | OWASP Top Ten 2007 Category A2 - Injection Flaws |
|
| Buffer Overflow in an API Call |
| CWE-20 | Improper Input Validation |
| CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
| CWE-118 | Incorrect Access of Indexable Resource ('Range Error') |
| CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer |
| CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') |
| CWE-680 | Integer Overflow to Buffer Overflow |
| CWE-697 | Incorrect Comparison |
| CWE-733 | Compiler Optimization Removal or Modification of Security-critical Code |
|
| XSS Using MIME Type Mismatch |
| CWE-20 | Improper Input Validation |
| CWE-79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| CWE-646 | Reliance on File Name or Extension of Externally-Supplied File |
|
| XPath Injection |
| CWE-20 | Improper Input Validation |
| CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
| CWE-91 | XML Injection (aka Blind XPath Injection) |
| CWE-707 | Improper Neutralization |
| CWE-713 | OWASP Top Ten 2007 Category A2 - Injection Flaws |
|
| Using Slashes and URL Encoding Combined to Bypass Validation Logic |
| CWE-20 | Improper Input Validation |
| CWE-21 | DEPRECATED: Pathname Traversal and Equivalence Errors |
| CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
| CWE-73 | External Control of File Name or Path |
| CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
| CWE-171 | DEPRECATED: Cleansing, Canonicalization, and Comparison Errors |
| CWE-172 | Encoding Error |
| CWE-173 | Improper Handling of Alternate Encoding |
| CWE-177 | Improper Handling of URL Encoding (Hex Encoding) |
| CWE-697 | Incorrect Comparison |
| CWE-707 | Improper Neutralization |
|
| Embedding NULL Bytes |
| CWE-20 | Improper Input Validation |
| CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
| CWE-158 | Improper Neutralization of Null Byte or NUL Character |
| CWE-171 | DEPRECATED: Cleansing, Canonicalization, and Comparison Errors |
| CWE-172 | Encoding Error |
| CWE-173 | Improper Handling of Alternate Encoding |
| CWE-697 | Incorrect Comparison |
| CWE-707 | Improper Neutralization |
|
| String Format Overflow in syslog() |
| CWE-20 | Improper Input Validation |
| CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
| CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') |
| CWE-134 | Use of Externally-Controlled Format String |
| CWE-680 | Integer Overflow to Buffer Overflow |
| CWE-697 | Incorrect Comparison |
|
| Using Escaped Slashes in Alternate Encoding |
| CWE-20 | Improper Input Validation |
| CWE-21 | DEPRECATED: Pathname Traversal and Equivalence Errors |
| CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
| CWE-73 | External Control of File Name or Path |
| CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
| CWE-171 | DEPRECATED: Cleansing, Canonicalization, and Comparison Errors |
| CWE-172 | Encoding Error |
| CWE-173 | Improper Handling of Alternate Encoding |
| CWE-180 | Incorrect Behavior Order: Validate Before Canonicalize |
| CWE-181 | Incorrect Behavior Order: Validate Before Filter |
| CWE-697 | Incorrect Comparison |
| CWE-707 | Improper Neutralization |
|
| Buffer Overflow via Environment Variables |
| CWE-20 | Improper Input Validation |
| CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
| CWE-99 | Improper Control of Resource Identifiers ('Resource Injection') |
| CWE-118 | Incorrect Access of Indexable Resource ('Range Error') |
| CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer |
| CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') |
| CWE-302 | Authentication Bypass by Assumed-Immutable Data |
| CWE-680 | Integer Overflow to Buffer Overflow |
| CWE-697 | Incorrect Comparison |
| CWE-733 | Compiler Optimization Removal or Modification of Security-critical Code |
|
| Cross Zone Scripting |
| CWE-20 | Improper Input Validation |
| CWE-116 | Improper Encoding or Escaping of Output |
| CWE-250 | Execution with Unnecessary Privileges |
| CWE-285 | Improper Authorization |
| CWE-638 | Not Using Complete Mediation |
|
| Object Relational Mapping Injection |
| CWE-20 | Improper Input Validation |
| CWE-89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
| CWE-100 | DEPRECATED: Technology-Specific Input Validation Problems |
| CWE-564 | SQL Injection: Hibernate |
|
| SQL Injection through SOAP Parameter Tampering |
| CWE-20 | Improper Input Validation |
| CWE-89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
|
| Filter Failure through Buffer Overflow |
| CWE-20 | Improper Input Validation |
| CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
| CWE-118 | Incorrect Access of Indexable Resource ('Range Error') |
| CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer |
| CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') |
| CWE-680 | Integer Overflow to Buffer Overflow |
| CWE-697 | Incorrect Comparison |
| CWE-733 | Compiler Optimization Removal or Modification of Security-critical Code |
|
| Fuzzing for garnering other adjacent user/sensitive data |
| CWE-20 | Improper Input Validation |
|
| Buffer Overflow via Parameter Expansion |
| CWE-20 | Improper Input Validation |
| CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
| CWE-118 | Incorrect Access of Indexable Resource ('Range Error') |
| CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer |
| CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') |
| CWE-130 | Improper Handling of Length Parameter Inconsistency |
| CWE-131 | Incorrect Calculation of Buffer Size |
| CWE-680 | Integer Overflow to Buffer Overflow |
| CWE-697 | Incorrect Comparison |
|
| URL Encoding |
| CWE-20 | Improper Input Validation |
| CWE-21 | DEPRECATED: Pathname Traversal and Equivalence Errors |
| CWE-73 | External Control of File Name or Path |
| CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
| CWE-171 | DEPRECATED: Cleansing, Canonicalization, and Comparison Errors |
| CWE-172 | Encoding Error |
| CWE-173 | Improper Handling of Alternate Encoding |
| CWE-177 | Improper Handling of URL Encoding (Hex Encoding) |
|
| Using UTF-8 Encoding to Bypass Validation Logic |
| CWE-20 | Improper Input Validation |
| CWE-21 | DEPRECATED: Pathname Traversal and Equivalence Errors |
| CWE-73 | External Control of File Name or Path |
| CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
| CWE-171 | DEPRECATED: Cleansing, Canonicalization, and Comparison Errors |
| CWE-172 | Encoding Error |
| CWE-173 | Improper Handling of Alternate Encoding |
| CWE-180 | Incorrect Behavior Order: Validate Before Canonicalize |
| CWE-181 | Incorrect Behavior Order: Validate Before Filter |
| CWE-692 | Incomplete Denylist to Cross-Site Scripting |
| CWE-697 | Incorrect Comparison |
|
| Buffer Overflow in Local Command-Line Utilities |
| CWE-20 | Improper Input Validation |
| CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
| CWE-118 | Incorrect Access of Indexable Resource ('Range Error') |
| CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer |
| CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') |
| CWE-680 | Integer Overflow to Buffer Overflow |
| CWE-697 | Incorrect Comparison |
| CWE-733 | Compiler Optimization Removal or Modification of Security-critical Code |
|
| DOM-Based XSS |
| CWE-20 | Improper Input Validation |
| CWE-79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| CWE-83 | Improper Neutralization of Script in Attributes in a Web Page |
|
| SQL Injection |
| CWE-20 | Improper Input Validation |
| CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
| CWE-89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
| CWE-697 | Incorrect Comparison |
| CWE-707 | Improper Neutralization |
| CWE-713 | OWASP Top Ten 2007 Category A2 - Injection Flaws |
|
| Using Slashes in Alternate Encoding |
| CWE-20 | Improper Input Validation |
| CWE-21 | DEPRECATED: Pathname Traversal and Equivalence Errors |
| CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
| CWE-73 | External Control of File Name or Path |
| CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
| CWE-171 | DEPRECATED: Cleansing, Canonicalization, and Comparison Errors |
| CWE-173 | Improper Handling of Alternate Encoding |
| CWE-180 | Incorrect Behavior Order: Validate Before Canonicalize |
| CWE-181 | Incorrect Behavior Order: Validate Before Filter |
| CWE-185 | Incorrect Regular Expression |
| CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor |
| CWE-697 | Incorrect Comparison |
| CWE-707 | Improper Neutralization |
|
| LDAP Injection |
| CWE-20 | Improper Input Validation |
| CWE-77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') |
| CWE-90 | Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') |
|
| Client-side Injection-induced Buffer Overflow |
| CWE-20 | Improper Input Validation |
| CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
| CWE-118 | Incorrect Access of Indexable Resource ('Range Error') |
| CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer |
| CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') |
| CWE-353 | Missing Support for Integrity Check |
| CWE-680 | Integer Overflow to Buffer Overflow |
| CWE-697 | Incorrect Comparison |
| CWE-713 | OWASP Top Ten 2007 Category A2 - Injection Flaws |
|
| XML Oversized Payloads |
| CWE-19 | Data Processing Errors |
| CWE-20 | Improper Input Validation |
| CWE-112 | Missing XML Validation |
| CWE-674 | Uncontrolled Recursion |
| CWE-770 | Allocation of Resources Without Limits or Throttling |
|
| Accessing/Intercepting/Modifying HTTP Cookies |
| CWE-20 | Improper Input Validation |
| CWE-113 | Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') |
| CWE-302 | Authentication Bypass by Assumed-Immutable Data |
| CWE-311 | Missing Encryption of Sensitive Data |
| CWE-315 | Cleartext Storage of Sensitive Information in a Cookie |
| CWE-384 | Session Fixation |
| CWE-472 | External Control of Assumed-Immutable Web Parameter |
| CWE-539 | Use of Persistent Cookies Containing Sensitive Information |
| CWE-565 | Reliance on Cookies without Validation and Integrity Checking |
| CWE-602 | Client-Side Enforcement of Server-Side Security |
| CWE-642 | External Control of Critical State Data |
| CWE-724 | OWASP Top Ten 2004 Category A3 - Broken Authentication and Session Management |
|
| Input Data Manipulation |
| CWE-20 | Improper Input Validation |
|
| File Content Injection |
| CWE-20 | Improper Input Validation |
|
| Fuzzing |
| CWE-20 | Improper Input Validation |
| CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
| CWE-388 | 7PK - Errors |
|
| MIME Conversion |
| CWE-20 | Improper Input Validation |
| CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
| CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer |
| CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') |
|
| Buffer Overflow via Symbolic Links |
| CWE-20 | Improper Input Validation |
| CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
| CWE-118 | Incorrect Access of Indexable Resource ('Range Error') |
| CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer |
| CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') |
| CWE-285 | Improper Authorization |
| CWE-302 | Authentication Bypass by Assumed-Immutable Data |
| CWE-680 | Integer Overflow to Buffer Overflow |
| CWE-697 | Incorrect Comparison |
|
| AJAX Fingerprinting |
| CWE-20 | Improper Input Validation |
| CWE-79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| CWE-86 | Improper Neutralization of Invalid Characters in Identifiers in Web Pages |
| CWE-96 | Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') |
| CWE-113 | Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') |
| CWE-116 | Improper Encoding or Escaping of Output |
| CWE-184 | Incomplete List of Disallowed Inputs |
| CWE-348 | Use of Less Trusted Source |
| CWE-692 | Incomplete Denylist to Cross-Site Scripting |
| CWE-712 | OWASP Top Ten 2007 Category A1 - Cross Site Scripting (XSS) |
|
| Server Side Include (SSI) Injection |
| CWE-20 | Improper Input Validation |
| CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
| CWE-97 | Improper Neutralization of Server-Side Includes (SSI) Within a Web Page |
| CWE-713 | OWASP Top Ten 2007 Category A2 - Injection Flaws |
|
| Command Line Execution through SQL Injection |
| CWE-20 | Improper Input Validation |
| CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
| CWE-78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
| CWE-89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
| CWE-114 | Process Control |
|
| Double Encoding |
| CWE-20 | Improper Input Validation |
| CWE-21 | DEPRECATED: Pathname Traversal and Equivalence Errors |
| CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
| CWE-171 | DEPRECATED: Cleansing, Canonicalization, and Comparison Errors |
| CWE-172 | Encoding Error |
| CWE-173 | Improper Handling of Alternate Encoding |
| CWE-177 | Improper Handling of URL Encoding (Hex Encoding) |
| CWE-181 | Incorrect Behavior Order: Validate Before Filter |
| CWE-183 | Permissive List of Allowed Inputs |
| CWE-184 | Incomplete List of Disallowed Inputs |
| CWE-692 | Incomplete Denylist to Cross-Site Scripting |
| CWE-697 | Incorrect Comparison |
|
| Subverting Environment Variable Values |
| CWE-15 | External Control of System or Configuration Setting |
| CWE-20 | Improper Input Validation |
| CWE-73 | External Control of File Name or Path |
| CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
| CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor |
| CWE-285 | Improper Authorization |
| CWE-302 | Authentication Bypass by Assumed-Immutable Data |
| CWE-353 | Missing Support for Integrity Check |
|
| Format String Injection |
| CWE-20 | Improper Input Validation |
| CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
| CWE-133 | String Errors |
| CWE-134 | Use of Externally-Controlled Format String |
|
| Flash Injection |
| CWE-20 | Improper Input Validation |
| CWE-184 | Incomplete List of Disallowed Inputs |
| CWE-697 | Incorrect Comparison |
|
| Exploiting Trust in Client |
| CWE-20 | Improper Input Validation |
| CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor |
| CWE-287 | Improper Authentication |
| CWE-290 | Authentication Bypass by Spoofing |
| CWE-693 | Protection Mechanism Failure |
|
| XML Nested Payloads |
| CWE-19 | Data Processing Errors |
| CWE-20 | Improper Input Validation |
| CWE-112 | Missing XML Validation |
| CWE-674 | Uncontrolled Recursion |
| CWE-770 | Allocation of Resources Without Limits or Throttling |
|
| XML Injection |
| CWE-20 | Improper Input Validation |
| CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
| CWE-91 | XML Injection (aka Blind XPath Injection) |
| CWE-707 | Improper Neutralization |
| CWE-713 | OWASP Top Ten 2007 Category A2 - Injection Flaws |
|
| Leverage Alternate Encoding |
| CWE-20 | Improper Input Validation |
| CWE-21 | DEPRECATED: Pathname Traversal and Equivalence Errors |
| CWE-73 | External Control of File Name or Path |
| CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
| CWE-171 | DEPRECATED: Cleansing, Canonicalization, and Comparison Errors |
| CWE-172 | Encoding Error |
| CWE-173 | Improper Handling of Alternate Encoding |
| CWE-180 | Incorrect Behavior Order: Validate Before Canonicalize |
| CWE-181 | Incorrect Behavior Order: Validate Before Filter |
| CWE-692 | Incomplete Denylist to Cross-Site Scripting |
| CWE-697 | Incorrect Comparison |
|
| Using Leading 'Ghost' Character Sequences to Bypass Input Filters |
| CWE-20 | Improper Input Validation |
| CWE-41 | Improper Resolution of Path Equivalence |
| CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
| CWE-171 | DEPRECATED: Cleansing, Canonicalization, and Comparison Errors |
| CWE-172 | Encoding Error |
| CWE-173 | Improper Handling of Alternate Encoding |
| CWE-179 | Incorrect Behavior Order: Early Validation |
| CWE-180 | Incorrect Behavior Order: Validate Before Canonicalize |
| CWE-181 | Incorrect Behavior Order: Validate Before Filter |
| CWE-183 | Permissive List of Allowed Inputs |
| CWE-184 | Incomplete List of Disallowed Inputs |
| CWE-697 | Incorrect Comparison |
| CWE-707 | Improper Neutralization |
|
| Exploiting Multiple Input Interpretation Layers |
| CWE-20 | Improper Input Validation |
| CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
| CWE-77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') |
| CWE-78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
| CWE-171 | DEPRECATED: Cleansing, Canonicalization, and Comparison Errors |
| CWE-179 | Incorrect Behavior Order: Early Validation |
| CWE-181 | Incorrect Behavior Order: Validate Before Filter |
| CWE-183 | Permissive List of Allowed Inputs |
| CWE-184 | Incomplete List of Disallowed Inputs |
| CWE-697 | Incorrect Comparison |
| CWE-707 | Improper Neutralization |
|
| Cross-Site Scripting (XSS) |
| CWE-20 | Improper Input Validation |
| CWE-79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
|
| User-Controlled Filename |
| CWE-20 | Improper Input Validation |
| CWE-86 | Improper Neutralization of Invalid Characters in Identifiers in Web Pages |
| CWE-96 | Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') |
| CWE-116 | Improper Encoding or Escaping of Output |
| CWE-184 | Incomplete List of Disallowed Inputs |
| CWE-348 | Use of Less Trusted Source |
| CWE-350 | Reliance on Reverse DNS Resolution for a Security-Critical Action |
| CWE-697 | Incorrect Comparison |
|
