| CAPEC | Related Weakness |
| Cross Zone Scripting |
| CWE-20 | Improper Input Validation |
| CWE-116 | Improper Encoding or Escaping of Output |
| CWE-250 | Execution with Unnecessary Privileges |
| CWE-285 | Improper Authorization |
| CWE-638 | Not Using Complete Mediation |
|
| Target Programs with Elevated Privileges |
| CWE-15 | External Control of System or Configuration Setting |
| CWE-250 | Execution with Unnecessary Privileges |
| CWE-264 | Permissions, Privileges, and Access Controls |
|
| Expanding Control over the Operating System from the Database |
| CWE-89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
| CWE-250 | Execution with Unnecessary Privileges |
|
