| CAPEC | Related Weakness |
| Navigation Remapping To Propagate Malicious Content |
| CWE-311 | Missing Encryption of Sensitive Data |
| CWE-345 | Insufficient Verification of Data Authenticity |
| CWE-346 | Origin Validation Error |
| CWE-471 | Modification of Assumed-Immutable Data (MAID) |
| CWE-602 | Client-Side Enforcement of Server-Side Security |
|
| Transaction or Event Tampering via Application API Manipulation |
| CWE-311 | Missing Encryption of Sensitive Data |
| CWE-345 | Insufficient Verification of Data Authenticity |
| CWE-346 | Origin Validation Error |
| CWE-471 | Modification of Assumed-Immutable Data (MAID) |
| CWE-602 | Client-Side Enforcement of Server-Side Security |
|
| Application API Message Manipulation via Man-in-the-Middle |
| CWE-311 | Missing Encryption of Sensitive Data |
| CWE-345 | Insufficient Verification of Data Authenticity |
| CWE-346 | Origin Validation Error |
| CWE-471 | Modification of Assumed-Immutable Data (MAID) |
| CWE-602 | Client-Side Enforcement of Server-Side Security |
|
| Application API Navigation Remapping |
| CWE-311 | Missing Encryption of Sensitive Data |
| CWE-345 | Insufficient Verification of Data Authenticity |
| CWE-346 | Origin Validation Error |
| CWE-471 | Modification of Assumed-Immutable Data (MAID) |
| CWE-602 | Client-Side Enforcement of Server-Side Security |
|
| Application API Button Hijacking |
| CWE-311 | Missing Encryption of Sensitive Data |
| CWE-345 | Insufficient Verification of Data Authenticity |
| CWE-346 | Origin Validation Error |
| CWE-471 | Modification of Assumed-Immutable Data (MAID) |
| CWE-602 | Client-Side Enforcement of Server-Side Security |
|
