CAPEC Related Weakness
Double Encoding
CWE-20Improper Input Validation
CWE-21DEPRECATED: Pathname Traversal and Equivalence Errors
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-171DEPRECATED: Cleansing, Canonicalization, and Comparison Errors
CWE-172Encoding Error
CWE-173Improper Handling of Alternate Encoding
CWE-177Improper Handling of URL Encoding (Hex Encoding)
CWE-181Incorrect Behavior Order: Validate Before Filter
CWE-183Permissive List of Allowed Inputs
CWE-184Incomplete List of Disallowed Inputs
CWE-692Incomplete Denylist to Cross-Site Scripting
CWE-697Incorrect Comparison
Command Delimiters
CWE-77Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-78Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-93Improper Neutralization of CRLF Sequences ('CRLF Injection')
CWE-138Improper Neutralization of Special Elements
CWE-140Improper Neutralization of Delimiters
CWE-146Improper Neutralization of Expression/Command Delimiters
CWE-154Improper Neutralization of Variable Name Delimiters
CWE-157Failure to Sanitize Paired Delimiters
CWE-184Incomplete List of Disallowed Inputs
CWE-185Incorrect Regular Expression
CWE-697Incorrect Comparison
CWE-713OWASP Top Ten 2007 Category A2 - Injection Flaws
Flash Injection
CWE-20Improper Input Validation
CWE-184Incomplete List of Disallowed Inputs
CWE-697Incorrect Comparison
Using Leading 'Ghost' Character Sequences to Bypass Input Filters
CWE-20Improper Input Validation
CWE-41Improper Resolution of Path Equivalence
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-171DEPRECATED: Cleansing, Canonicalization, and Comparison Errors
CWE-172Encoding Error
CWE-173Improper Handling of Alternate Encoding
CWE-179Incorrect Behavior Order: Early Validation
CWE-180Incorrect Behavior Order: Validate Before Canonicalize
CWE-181Incorrect Behavior Order: Validate Before Filter
CWE-183Permissive List of Allowed Inputs
CWE-184Incomplete List of Disallowed Inputs
CWE-697Incorrect Comparison
CWE-707Improper Neutralization
Exploiting Multiple Input Interpretation Layers
CWE-20Improper Input Validation
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-77Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-78Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-171DEPRECATED: Cleansing, Canonicalization, and Comparison Errors
CWE-179Incorrect Behavior Order: Early Validation
CWE-181Incorrect Behavior Order: Validate Before Filter
CWE-183Permissive List of Allowed Inputs
CWE-184Incomplete List of Disallowed Inputs
CWE-697Incorrect Comparison
CWE-707Improper Neutralization
Argument Injection
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-78Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-146Improper Neutralization of Expression/Command Delimiters
CWE-184Incomplete List of Disallowed Inputs
CWE-185Incorrect Regular Expression
CWE-697Incorrect Comparison
CWE-713OWASP Top Ten 2007 Category A2 - Injection Flaws
Using Unicode Encoding to Bypass Validation Logic
CWE-20Improper Input Validation
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-171DEPRECATED: Cleansing, Canonicalization, and Comparison Errors
CWE-172Encoding Error
CWE-173Improper Handling of Alternate Encoding
CWE-176Improper Handling of Unicode Encoding
CWE-179Incorrect Behavior Order: Early Validation
CWE-180Incorrect Behavior Order: Validate Before Canonicalize
CWE-183Permissive List of Allowed Inputs
CWE-184Incomplete List of Disallowed Inputs
CWE-692Incomplete Denylist to Cross-Site Scripting
CWE-697Incorrect Comparison
User-Controlled Filename
CWE-20Improper Input Validation
CWE-86Improper Neutralization of Invalid Characters in Identifiers in Web Pages
CWE-96Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
CWE-116Improper Encoding or Escaping of Output
CWE-184Incomplete List of Disallowed Inputs
CWE-348Use of Less Trusted Source
CWE-350Reliance on Reverse DNS Resolution for a Security-Critical Action
CWE-697Incorrect Comparison
AJAX Fingerprinting
CWE-20Improper Input Validation
CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-86Improper Neutralization of Invalid Characters in Identifiers in Web Pages
CWE-96Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
CWE-113Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
CWE-116Improper Encoding or Escaping of Output
CWE-184Incomplete List of Disallowed Inputs
CWE-348Use of Less Trusted Source
CWE-692Incomplete Denylist to Cross-Site Scripting
CWE-712OWASP Top Ten 2007 Category A1 - Cross Site Scripting (XSS)
Back to Top