CAPEC | Related Weakness |
Cross Zone Scripting |
CWE-20 | Improper Input Validation |
CWE-116 | Improper Encoding or Escaping of Output |
CWE-250 | Execution with Unnecessary Privileges |
CWE-285 | Improper Authorization |
CWE-638 | Not Using Complete Mediation |
|
Target Programs with Elevated Privileges |
CWE-15 | External Control of System or Configuration Setting |
CWE-250 | Execution with Unnecessary Privileges |
CWE-264 | Permissions, Privileges, and Access Controls |
|
Expanding Control over the Operating System from the Database |
CWE-89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
CWE-250 | Execution with Unnecessary Privileges |
|