| Double Encoding |
|
CWE-20
|
Improper Input Validation
|
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
|
CWE-172
|
Encoding Error
|
|
CWE-173
|
Improper Handling of Alternate Encoding
|
|
CWE-177
|
Improper Handling of URL Encoding (Hex Encoding)
|
|
CWE-181
|
Incorrect Behavior Order: Validate Before Filter
|
|
CWE-183
|
Permissive List of Allowed Inputs
|
|
CWE-184
|
Incomplete List of Disallowed Inputs
|
|
CWE-692
|
Incomplete Denylist to Cross-Site Scripting
|
|
CWE-697
|
Incorrect Comparison
|
|
| Command Delimiters |
|
CWE-77
|
Improper Neutralization of Special Elements used in a Command ('Command Injection')
|
|
CWE-78
|
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
|
|
CWE-93
|
Improper Neutralization of CRLF Sequences ('CRLF Injection')
|
|
CWE-138
|
Improper Neutralization of Special Elements
|
|
CWE-140
|
Improper Neutralization of Delimiters
|
|
CWE-146
|
Improper Neutralization of Expression/Command Delimiters
|
|
CWE-154
|
Improper Neutralization of Variable Name Delimiters
|
|
CWE-157
|
Failure to Sanitize Paired Delimiters
|
|
CWE-184
|
Incomplete List of Disallowed Inputs
|
|
CWE-185
|
Incorrect Regular Expression
|
|
CWE-697
|
Incorrect Comparison
|
|
| Flash Injection |
|
CWE-20
|
Improper Input Validation
|
|
CWE-184
|
Incomplete List of Disallowed Inputs
|
|
CWE-697
|
Incorrect Comparison
|
|
| Using Leading 'Ghost' Character Sequences to Bypass Input Filters |
|
CWE-20
|
Improper Input Validation
|
|
CWE-41
|
Improper Resolution of Path Equivalence
|
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
|
CWE-172
|
Encoding Error
|
|
CWE-173
|
Improper Handling of Alternate Encoding
|
|
CWE-179
|
Incorrect Behavior Order: Early Validation
|
|
CWE-180
|
Incorrect Behavior Order: Validate Before Canonicalize
|
|
CWE-181
|
Incorrect Behavior Order: Validate Before Filter
|
|
CWE-183
|
Permissive List of Allowed Inputs
|
|
CWE-184
|
Incomplete List of Disallowed Inputs
|
|
CWE-697
|
Incorrect Comparison
|
|
CWE-707
|
Improper Neutralization
|
|
| Exploiting Multiple Input Interpretation Layers |
|
CWE-20
|
Improper Input Validation
|
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
|
CWE-77
|
Improper Neutralization of Special Elements used in a Command ('Command Injection')
|
|
CWE-78
|
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
|
|
CWE-179
|
Incorrect Behavior Order: Early Validation
|
|
CWE-181
|
Incorrect Behavior Order: Validate Before Filter
|
|
CWE-183
|
Permissive List of Allowed Inputs
|
|
CWE-184
|
Incomplete List of Disallowed Inputs
|
|
CWE-697
|
Incorrect Comparison
|
|
CWE-707
|
Improper Neutralization
|
|
| Argument Injection |
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
|
CWE-78
|
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
|
|
CWE-146
|
Improper Neutralization of Expression/Command Delimiters
|
|
CWE-184
|
Incomplete List of Disallowed Inputs
|
|
CWE-185
|
Incorrect Regular Expression
|
|
CWE-697
|
Incorrect Comparison
|
|
| Using Unicode Encoding to Bypass Validation Logic |
|
CWE-20
|
Improper Input Validation
|
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
|
CWE-172
|
Encoding Error
|
|
CWE-173
|
Improper Handling of Alternate Encoding
|
|
CWE-176
|
Improper Handling of Unicode Encoding
|
|
CWE-179
|
Incorrect Behavior Order: Early Validation
|
|
CWE-180
|
Incorrect Behavior Order: Validate Before Canonicalize
|
|
CWE-183
|
Permissive List of Allowed Inputs
|
|
CWE-184
|
Incomplete List of Disallowed Inputs
|
|
CWE-692
|
Incomplete Denylist to Cross-Site Scripting
|
|
CWE-697
|
Incorrect Comparison
|
|
| User-Controlled Filename |
|
CWE-20
|
Improper Input Validation
|
|
CWE-86
|
Improper Neutralization of Invalid Characters in Identifiers in Web Pages
|
|
CWE-96
|
Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
|
|
CWE-116
|
Improper Encoding or Escaping of Output
|
|
CWE-184
|
Incomplete List of Disallowed Inputs
|
|
CWE-348
|
Use of Less Trusted Source
|
|
CWE-350
|
Reliance on Reverse DNS Resolution for a Security-Critical Action
|
|
CWE-697
|
Incorrect Comparison
|
|
| AJAX Footprinting |
|
CWE-20
|
Improper Input Validation
|
|
CWE-79
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
|
|
CWE-86
|
Improper Neutralization of Invalid Characters in Identifiers in Web Pages
|
|
CWE-96
|
Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
|
|
CWE-113
|
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
|
|
CWE-116
|
Improper Encoding or Escaping of Output
|
|
CWE-184
|
Incomplete List of Disallowed Inputs
|
|
CWE-348
|
Use of Less Trusted Source
|
|
CWE-692
|
Incomplete Denylist to Cross-Site Scripting
|
|