CAPEC / Related Weakness

JSON Hijacking (aka JavaScript Hijacking)
  CWE-345 Insufficient Verification of Data Authenticity
  CWE-346 Origin Validation Error
  CWE-352 Cross-Site Request Forgery (CSRF)

Cache Poisoning
  CWE-345 Insufficient Verification of Data Authenticity
  CWE-346 Origin Validation Error
  CWE-348 Use of Less Trusted Source
  CWE-349 Acceptance of Extraneous Untrusted Data With Trusted Data
  CWE-441 Unintended Proxy or Intermediary ('Confused Deputy')

DNS Cache Poisoning
  CWE-345 Insufficient Verification of Data Authenticity
  CWE-346 Origin Validation Error
  CWE-348 Use of Less Trusted Source
  CWE-349 Acceptance of Extraneous Untrusted Data With Trusted Data
  CWE-350 Reliance on Reverse DNS Resolution for a Security-Critical Action
  CWE-441 Unintended Proxy or Intermediary ('Confused Deputy')

Content Spoofing
  CWE-345 Insufficient Verification of Data Authenticity

Spoofing of UDDI/ebXML Messages
  CWE-345 Insufficient Verification of Data Authenticity

Application API Message Manipulation via Man-in-the-Middle
  CWE-311 Missing Encryption of Sensitive Data
  CWE-345 Insufficient Verification of Data Authenticity
  CWE-346 Origin Validation Error
  CWE-471 Modification of Assumed-Immutable Data (MAID)
  CWE-602 Client-Side Enforcement of Server-Side Security

Transaction or Event Tampering via Application API Manipulation
  CWE-311 Missing Encryption of Sensitive Data
  CWE-345 Insufficient Verification of Data Authenticity
  CWE-346 Origin Validation Error
  CWE-471 Modification of Assumed-Immutable Data (MAID)
  CWE-602 Client-Side Enforcement of Server-Side Security

Application API Navigation Remapping
  CWE-311 Missing Encryption of Sensitive Data
  CWE-345 Insufficient Verification of Data Authenticity
  CWE-346 Origin Validation Error
  CWE-471 Modification of Assumed-Immutable Data (MAID)
  CWE-602 Client-Side Enforcement of Server-Side Security

Navigation Remapping To Propagate Malicious Content
  CWE-311 Missing Encryption of Sensitive Data
  CWE-345 Insufficient Verification of Data Authenticity
  CWE-346 Origin Validation Error
  CWE-471 Modification of Assumed-Immutable Data (MAID)
  CWE-602 Client-Side Enforcement of Server-Side Security

Application API Button Hijacking
  CWE-311 Missing Encryption of Sensitive Data
  CWE-345 Insufficient Verification of Data Authenticity
  CWE-346 Origin Validation Error
  CWE-471 Modification of Assumed-Immutable Data (MAID)
  CWE-602 Client-Side Enforcement of Server-Side Security

Exploitation of Thunderbolt Protection Flaws
  CWE-288 Authentication Bypass Using an Alternate Path or Channel
  CWE-345 Insufficient Verification of Data Authenticity
  CWE-353 Missing Support for Integrity Check
  CWE-862 Missing Authorization
  CWE-1188 Insecure Default Initialization of Resource