CAPEC Related Weakness
JSON Hijacking (aka JavaScript Hijacking)
CWE-345 Insufficient Verification of Data Authenticity
CWE-346 Origin Validation Error
CWE-352
Cache Poisoning
CWE-345 Insufficient Verification of Data Authenticity
CWE-346 Origin Validation Error
CWE-348 Use of Less Trusted Source
CWE-349 Acceptance of Extraneous Untrusted Data With Trusted Data
CWE-441 Unintended Proxy or Intermediary ('Confused Deputy')
DNS Cache Poisoning
CWE-345 Insufficient Verification of Data Authenticity
CWE-346 Origin Validation Error
CWE-348 Use of Less Trusted Source
CWE-349 Acceptance of Extraneous Untrusted Data With Trusted Data
CWE-350 Reliance on Reverse DNS Resolution for a Security-Critical Action
CWE-441 Unintended Proxy or Intermediary ('Confused Deputy')
Cross-Site Scripting Using MIME Type Mismatch
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-345 Insufficient Verification of Data Authenticity
CWE-646 Reliance on File Name or Extension of Externally-Supplied File
Spoofing of UDDI/ebXML Messages
CWE-345 Insufficient Verification of Data Authenticity
Application API Message Manipulation via Man-in-the-Middle
CWE-311 Missing Encryption of Sensitive Data
CWE-345 Insufficient Verification of Data Authenticity
CWE-346 Origin Validation Error
CWE-471 Modification of Assumed-Immutable Data (MAID)
CWE-602 Client-Side Enforcement of Server-Side Security
Transaction or Event Tampering via Application API Manipulation
CWE-311 Missing Encryption of Sensitive Data
CWE-345 Insufficient Verification of Data Authenticity
CWE-346 Origin Validation Error
CWE-471 Modification of Assumed-Immutable Data (MAID)
CWE-602 Client-Side Enforcement of Server-Side Security
Application API Navigation Remapping
CWE-311 Missing Encryption of Sensitive Data
CWE-345 Insufficient Verification of Data Authenticity
CWE-346 Origin Validation Error
CWE-471 Modification of Assumed-Immutable Data (MAID)
CWE-602 Client-Side Enforcement of Server-Side Security
Navigation Remapping To Propagate Malicious Content
CWE-311 Missing Encryption of Sensitive Data
CWE-345 Insufficient Verification of Data Authenticity
CWE-346 Origin Validation Error
CWE-471 Modification of Assumed-Immutable Data (MAID)
CWE-602 Client-Side Enforcement of Server-Side Security
Application API Button Hijacking
CWE-311 Missing Encryption of Sensitive Data
CWE-345 Insufficient Verification of Data Authenticity
CWE-346 Origin Validation Error
CWE-471 Modification of Assumed-Immutable Data (MAID)
CWE-602 Client-Side Enforcement of Server-Side Security
Content Spoofing Via Application API Manipulation
CWE-311 Missing Encryption of Sensitive Data
CWE-345 Insufficient Verification of Data Authenticity
CWE-346 Origin Validation Error
CWE-602 Client-Side Enforcement of Server-Side Security
Using Alternative IP Address Encodings
CWE-41 Improper Resolution of Path Equivalence
CWE-180 Incorrect Behavior Order: Validate Before Canonicalize
CWE-291 Reliance on IP Address for Authentication
CWE-345 Insufficient Verification of Data Authenticity
CWE-697 Insufficient Comparison
CWE-707 Improper Enforcement of Message or Data Structure