CAPEC Related Weakness
Embedding Scripts in Non-Script Elements
CWE-20Improper Input Validation
CWE-71Apple '.DS_Store'
CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-80Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CWE-82Improper Neutralization of Script in Attributes of IMG Tags in a Web Page
CWE-83Improper Neutralization of Script in Attributes in a Web Page
CWE-84Improper Neutralization of Encoded URI Schemes in a Web Page
CWE-86Improper Neutralization of Invalid Characters in Identifiers in Web Pages
CWE-96Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
CWE-116Improper Encoding or Escaping of Output
CWE-184Incomplete Blacklist
CWE-348Use of Less Trusted Source
CWE-350Reliance on Reverse DNS Resolution for a Security-Critical Action
CWE-692
CWE-697Insufficient Comparison
CWE-713
Simple Script Injection
CWE-20Improper Input Validation
CWE-71Apple '.DS_Store'
CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-86Improper Neutralization of Invalid Characters in Identifiers in Web Pages
CWE-96Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
CWE-113Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
CWE-116Improper Encoding or Escaping of Output
CWE-184Incomplete Blacklist
CWE-348Use of Less Trusted Source
CWE-350Reliance on Reverse DNS Resolution for a Security-Critical Action
CWE-602Client-Side Enforcement of Server-Side Security
CWE-692
CWE-697Insufficient Comparison
CWE-713
User-Controlled Filename
CWE-20Improper Input Validation
CWE-86Improper Neutralization of Invalid Characters in Identifiers in Web Pages
CWE-96Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
CWE-116Improper Encoding or Escaping of Output
CWE-184Incomplete Blacklist
CWE-348Use of Less Trusted Source
CWE-350Reliance on Reverse DNS Resolution for a Security-Critical Action
CWE-697Insufficient Comparison
Web Logs Tampering
CWE-20Improper Input Validation
CWE-92DEPRECATED: Improper Sanitization of Custom Special Characters
CWE-93Improper Neutralization of CRLF Sequences ('CRLF Injection')
CWE-96Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
CWE-116Improper Encoding or Escaping of Output
CWE-117Improper Output Neutralization for Logs
CWE-150Improper Neutralization of Escape, Meta, or Control Sequences
CWE-221Information Loss or Omission
CWE-276Incorrect Default Permissions
CWE-279Incorrect Execution-Assigned Permissions
CWE-713
AJAX Fingerprinting
CWE-20Improper Input Validation
CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-86Improper Neutralization of Invalid Characters in Identifiers in Web Pages
CWE-96Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
CWE-113Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
CWE-116Improper Encoding or Escaping of Output
CWE-184Incomplete Blacklist
CWE-348Use of Less Trusted Source
CWE-692
CWE-712
Embedding Script (XSS) in HTTP Headers
CWE-20Improper Input Validation
CWE-71Apple '.DS_Store'
CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-86Improper Neutralization of Invalid Characters in Identifiers in Web Pages
CWE-96Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
CWE-116Improper Encoding or Escaping of Output
CWE-184Incomplete Blacklist
CWE-348Use of Less Trusted Source
CWE-692
CWE-697Insufficient Comparison
CWE-713
Cross Zone Scripting
CWE-20Improper Input Validation
CWE-116Improper Encoding or Escaping of Output
CWE-250Execution with Unnecessary Privileges
CWE-285Improper Authorization
CWE-638Not Using Complete Mediation
Back to Top