1. CWE Types
  2. Weaknesses related to CWE-348
CAPEC Related Weakness
Manipulating Web Input to File System Calls
CWE-15External Control of System or Configuration Setting
CWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-23Relative Path Traversal
CWE-59Improper Link Resolution Before File Access ('Link Following')
CWE-73External Control of File Name or Path
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-77Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-264Permissions, Privileges, and Access Controls
CWE-272Least Privilege Violation
CWE-285Improper Authorization
CWE-346Origin Validation Error
CWE-348Use of Less Trusted Source
CWE-715OWASP Top Ten 2007 Category A4 - Insecure Direct Object Reference
DNS Cache Poisoning
CWE-345Insufficient Verification of Data Authenticity
CWE-346Origin Validation Error
CWE-348Use of Less Trusted Source
CWE-349Acceptance of Extraneous Untrusted Data With Trusted Data
CWE-350Reliance on Reverse DNS Resolution for a Security-Critical Action
CWE-441Unintended Proxy or Intermediary ('Confused Deputy')
Cache Poisoning
CWE-345Insufficient Verification of Data Authenticity
CWE-346Origin Validation Error
CWE-348Use of Less Trusted Source
CWE-349Acceptance of Extraneous Untrusted Data With Trusted Data
CWE-441Unintended Proxy or Intermediary ('Confused Deputy')
AJAX Fingerprinting
CWE-20Improper Input Validation
CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-86Improper Neutralization of Invalid Characters in Identifiers in Web Pages
CWE-96Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
CWE-113Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
CWE-116Improper Encoding or Escaping of Output
CWE-184Incomplete List of Disallowed Inputs
CWE-348Use of Less Trusted Source
CWE-692Incomplete Denylist to Cross-Site Scripting
CWE-712OWASP Top Ten 2007 Category A1 - Cross Site Scripting (XSS)
User-Controlled Filename
CWE-20Improper Input Validation
CWE-86Improper Neutralization of Invalid Characters in Identifiers in Web Pages
CWE-96Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
CWE-116Improper Encoding or Escaping of Output
CWE-184Incomplete List of Disallowed Inputs
CWE-348Use of Less Trusted Source
CWE-350Reliance on Reverse DNS Resolution for a Security-Critical Action
CWE-697Incorrect Comparison
Back to Top