CAPEC Related Weakness
Server Side Include (SSI) Injection
CWE-20Improper Input Validation
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-97Improper Neutralization of Server-Side Includes (SSI) Within a Web Page
CWE-713
Client-side Injection-induced Buffer Overflow
CWE-20Improper Input Validation
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-118Improper Access of Indexable Resource ('Range Error')
CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-120Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-353Missing Support for Integrity Check
CWE-680
CWE-697Insufficient Comparison
CWE-713
Command Delimiters
CWE-77Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-78Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-93Improper Neutralization of CRLF Sequences ('CRLF Injection')
CWE-138Improper Neutralization of Special Elements
CWE-140Improper Neutralization of Delimiters
CWE-146Improper Neutralization of Expression/Command Delimiters
CWE-154Improper Neutralization of Variable Name Delimiters
CWE-157Failure to Sanitize Paired Delimiters
CWE-184Incomplete Blacklist
CWE-185Incorrect Regular Expression
CWE-697Insufficient Comparison
CWE-713
Embedding Scripts in Non-Script Elements
CWE-20Improper Input Validation
CWE-71Apple '.DS_Store'
CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-80Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CWE-82Improper Neutralization of Script in Attributes of IMG Tags in a Web Page
CWE-83Improper Neutralization of Script in Attributes in a Web Page
CWE-84Improper Neutralization of Encoded URI Schemes in a Web Page
CWE-86Improper Neutralization of Invalid Characters in Identifiers in Web Pages
CWE-96Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
CWE-116Improper Encoding or Escaping of Output
CWE-184Incomplete Blacklist
CWE-348Use of Less Trusted Source
CWE-350Reliance on Reverse DNS Resolution for a Security-Critical Action
CWE-692
CWE-697Insufficient Comparison
CWE-713
Embedding Scripts within Scripts
CWE-71Apple '.DS_Store'
CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-276Incorrect Default Permissions
CWE-279Incorrect Execution-Assigned Permissions
CWE-284Improper Access Control
CWE-692
CWE-697Insufficient Comparison
CWE-713
Cross-Site Scripting Using Alternate Syntax
CWE-20Improper Input Validation
CWE-71Apple '.DS_Store'
CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-85Doubled Character XSS Manipulations
CWE-86Improper Neutralization of Invalid Characters in Identifiers in Web Pages
CWE-87Improper Neutralization of Alternate XSS Syntax
CWE-692
CWE-697Insufficient Comparison
CWE-713
File System Function Injection, Content Based
CWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-23Relative Path Traversal
CWE-77Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-713
CWE-715
Cross-Site Scripting via Encoded URI Schemes
CWE-20Improper Input Validation
CWE-71Apple '.DS_Store'
CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-84Improper Neutralization of Encoded URI Schemes in a Web Page
CWE-85Doubled Character XSS Manipulations
CWE-86Improper Neutralization of Invalid Characters in Identifiers in Web Pages
CWE-692
CWE-697Insufficient Comparison
CWE-713
XML Injection
CWE-20Improper Input Validation
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-91XML Injection (aka Blind XPath Injection)
CWE-390Detection of Error Condition Without Action
CWE-707Improper Enforcement of Message or Data Structure
CWE-713
Embedding Scripts in HTTP Query Strings
CWE-20Improper Input Validation
CWE-71Apple '.DS_Store'
CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-84Improper Neutralization of Encoded URI Schemes in a Web Page
CWE-85Doubled Character XSS Manipulations
CWE-86Improper Neutralization of Invalid Characters in Identifiers in Web Pages
CWE-692
CWE-697Insufficient Comparison
CWE-713
HTTP Response Splitting
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-113Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
CWE-697Insufficient Comparison
CWE-707Improper Enforcement of Message or Data Structure
CWE-713
Using Meta-characters in E-mail Headers to Inject Malicious Payloads
CWE-88Argument Injection or Modification
CWE-150Improper Neutralization of Escape, Meta, or Control Sequences
CWE-697Insufficient Comparison
CWE-713
Overflow Binary Resource File
CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-120Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-697Insufficient Comparison
CWE-713
Argument Injection
CWE-77Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-78Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-146Improper Neutralization of Expression/Command Delimiters
CWE-184Incomplete Blacklist
CWE-185Incorrect Regular Expression
CWE-697Insufficient Comparison
CWE-713
Simple Script Injection
CWE-20Improper Input Validation
CWE-71Apple '.DS_Store'
CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-86Improper Neutralization of Invalid Characters in Identifiers in Web Pages
CWE-96Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
CWE-113Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
CWE-116Improper Encoding or Escaping of Output
CWE-184Incomplete Blacklist
CWE-348Use of Less Trusted Source
CWE-350Reliance on Reverse DNS Resolution for a Security-Critical Action
CWE-602Client-Side Enforcement of Server-Side Security
CWE-692
CWE-697Insufficient Comparison
CWE-713
SQL Injection
CWE-20Improper Input Validation
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-89Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE-390Detection of Error Condition Without Action
CWE-697Insufficient Comparison
CWE-707Improper Enforcement of Message or Data Structure
CWE-713
Blind SQL Injection
CWE-20Improper Input Validation
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-89Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE-209Information Exposure Through an Error Message
CWE-390Detection of Error Condition Without Action
CWE-697Insufficient Comparison
CWE-707Improper Enforcement of Message or Data Structure
CWE-713
Manipulating Writeable Configuration Files
CWE-77Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-99Improper Control of Resource Identifiers ('Resource Injection')
CWE-346Origin Validation Error
CWE-349Acceptance of Extraneous Untrusted Data With Trusted Data
CWE-353Missing Support for Integrity Check
CWE-354Improper Validation of Integrity Check Value
CWE-713
Web Logs Tampering
CWE-20Improper Input Validation
CWE-92DEPRECATED: Improper Sanitization of Custom Special Characters
CWE-93Improper Neutralization of CRLF Sequences ('CRLF Injection')
CWE-96Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
CWE-116Improper Encoding or Escaping of Output
CWE-117Improper Output Neutralization for Logs
CWE-150Improper Neutralization of Escape, Meta, or Control Sequences
CWE-221Information Loss or Omission
CWE-276Incorrect Default Permissions
CWE-279Incorrect Execution-Assigned Permissions
CWE-713
XPath Injection
CWE-20Improper Input Validation
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-91XML Injection (aka Blind XPath Injection)
CWE-390Detection of Error Condition Without Action
CWE-707Improper Enforcement of Message or Data Structure
CWE-713
XQuery Injection
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-707Improper Enforcement of Message or Data Structure
CWE-713
Embedding Script (XSS) in HTTP Headers
CWE-20Improper Input Validation
CWE-71Apple '.DS_Store'
CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-86Improper Neutralization of Invalid Characters in Identifiers in Web Pages
CWE-96Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
CWE-116Improper Encoding or Escaping of Output
CWE-184Incomplete Blacklist
CWE-348Use of Less Trusted Source
CWE-692
CWE-697Insufficient Comparison
CWE-713
OS Command Injection
CWE-20Improper Input Validation
CWE-78Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-88Argument Injection or Modification
CWE-697Insufficient Comparison
CWE-713
XSS in IMG Tags
CWE-20Improper Input Validation
CWE-71Apple '.DS_Store'
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-82Improper Neutralization of Script in Attributes of IMG Tags in a Web Page
CWE-692
CWE-697Insufficient Comparison
CWE-713
Log Injection-Tampering-Forging
CWE-92DEPRECATED: Improper Sanitization of Custom Special Characters
CWE-117Improper Output Neutralization for Logs
CWE-150Improper Neutralization of Escape, Meta, or Control Sequences
CWE-713
Back to Top