CAPEC Related Weakness
XSS Using Invalid Characters
CWE-86 Improper Neutralization of Invalid Characters in Identifiers in Web Pages
User-Controlled Filename
CWE-20 Improper Input Validation
CWE-86 Improper Neutralization of Invalid Characters in Identifiers in Web Pages
CWE-96 Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
CWE-116 Improper Encoding or Escaping of Output
CWE-184 Incomplete List of Disallowed Inputs
CWE-348 Use of Less Trusted Source
CWE-350 Reliance on Reverse DNS Resolution for a Security-Critical Action
CWE-697 Incorrect Comparison
AJAX Footprinting
CWE-20 Improper Input Validation
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-86 Improper Neutralization of Invalid Characters in Identifiers in Web Pages
CWE-96 Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
CWE-113 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
CWE-116 Improper Encoding or Escaping of Output
CWE-184 Incomplete List of Disallowed Inputs
CWE-348 Use of Less Trusted Source
CWE-692 Incomplete Denylist to Cross-Site Scripting