CAPEC Related Weakness
Embedding Scripts in Non-Script Elements
CWE-20Improper Input Validation
CWE-71DEPRECATED: Apple '.DS_Store'
CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-80Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CWE-82Improper Neutralization of Script in Attributes of IMG Tags in a Web Page
CWE-83Improper Neutralization of Script in Attributes in a Web Page
CWE-84Improper Neutralization of Encoded URI Schemes in a Web Page
CWE-86Improper Neutralization of Invalid Characters in Identifiers in Web Pages
CWE-96Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
CWE-116Improper Encoding or Escaping of Output
CWE-184Incomplete Blacklist
CWE-348Use of Less Trusted Source
CWE-350Reliance on Reverse DNS Resolution for a Security-Critical Action
CWE-692Incomplete Blacklist to Cross-Site Scripting
CWE-697Incorrect Comparison
CWE-713OWASP Top Ten 2007 Category A2 - Injection Flaws
Embedding Scripts within Scripts
CWE-71DEPRECATED: Apple '.DS_Store'
CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-276Incorrect Default Permissions
CWE-279Incorrect Execution-Assigned Permissions
CWE-284Improper Access Control
CWE-692Incomplete Blacklist to Cross-Site Scripting
CWE-697Incorrect Comparison
CWE-713OWASP Top Ten 2007 Category A2 - Injection Flaws
Cross-Site Scripting Using Alternate Syntax
CWE-20Improper Input Validation
CWE-71DEPRECATED: Apple '.DS_Store'
CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-85Doubled Character XSS Manipulations
CWE-86Improper Neutralization of Invalid Characters in Identifiers in Web Pages
CWE-87Improper Neutralization of Alternate XSS Syntax
CWE-692Incomplete Blacklist to Cross-Site Scripting
CWE-697Incorrect Comparison
CWE-713OWASP Top Ten 2007 Category A2 - Injection Flaws
Cross-Site Scripting via Encoded URI Schemes
CWE-20Improper Input Validation
CWE-71DEPRECATED: Apple '.DS_Store'
CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-84Improper Neutralization of Encoded URI Schemes in a Web Page
CWE-85Doubled Character XSS Manipulations
CWE-86Improper Neutralization of Invalid Characters in Identifiers in Web Pages
CWE-692Incomplete Blacklist to Cross-Site Scripting
CWE-697Incorrect Comparison
CWE-713OWASP Top Ten 2007 Category A2 - Injection Flaws
Leverage Alternate Encoding
CWE-20Improper Input Validation
CWE-21Pathname Traversal and Equivalence Errors
CWE-73External Control of File Name or Path
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-171Cleansing, Canonicalization, and Comparison Errors
CWE-172Encoding Error
CWE-173Improper Handling of Alternate Encoding
CWE-180Incorrect Behavior Order: Validate Before Canonicalize
CWE-181Incorrect Behavior Order: Validate Before Filter
CWE-692Incomplete Blacklist to Cross-Site Scripting
CWE-697Incorrect Comparison
Embedding Scripts in HTTP Query Strings
CWE-20Improper Input Validation
CWE-71DEPRECATED: Apple '.DS_Store'
CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-84Improper Neutralization of Encoded URI Schemes in a Web Page
CWE-85Doubled Character XSS Manipulations
CWE-86Improper Neutralization of Invalid Characters in Identifiers in Web Pages
CWE-692Incomplete Blacklist to Cross-Site Scripting
CWE-697Incorrect Comparison
CWE-713OWASP Top Ten 2007 Category A2 - Injection Flaws
Simple Script Injection
CWE-20Improper Input Validation
CWE-71DEPRECATED: Apple '.DS_Store'
CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-86Improper Neutralization of Invalid Characters in Identifiers in Web Pages
CWE-96Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
CWE-113Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
CWE-116Improper Encoding or Escaping of Output
CWE-184Incomplete Blacklist
CWE-348Use of Less Trusted Source
CWE-350Reliance on Reverse DNS Resolution for a Security-Critical Action
CWE-602Client-Side Enforcement of Server-Side Security
CWE-692Incomplete Blacklist to Cross-Site Scripting
CWE-697Incorrect Comparison
CWE-713OWASP Top Ten 2007 Category A2 - Injection Flaws
Using Unicode Encoding to Bypass Validation Logic
CWE-20Improper Input Validation
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-171Cleansing, Canonicalization, and Comparison Errors
CWE-172Encoding Error
CWE-173Improper Handling of Alternate Encoding
CWE-176Improper Handling of Unicode Encoding
CWE-179Incorrect Behavior Order: Early Validation
CWE-180Incorrect Behavior Order: Validate Before Canonicalize
CWE-183Permissive Whitelist
CWE-184Incomplete Blacklist
CWE-692Incomplete Blacklist to Cross-Site Scripting
CWE-697Incorrect Comparison
Using UTF-8 Encoding to Bypass Validation Logic
CWE-20Improper Input Validation
CWE-21Pathname Traversal and Equivalence Errors
CWE-73External Control of File Name or Path
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-171Cleansing, Canonicalization, and Comparison Errors
CWE-172Encoding Error
CWE-173Improper Handling of Alternate Encoding
CWE-180Incorrect Behavior Order: Validate Before Canonicalize
CWE-181Incorrect Behavior Order: Validate Before Filter
CWE-692Incomplete Blacklist to Cross-Site Scripting
CWE-697Incorrect Comparison
AJAX Fingerprinting
CWE-20Improper Input Validation
CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-86Improper Neutralization of Invalid Characters in Identifiers in Web Pages
CWE-96Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
CWE-113Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
CWE-116Improper Encoding or Escaping of Output
CWE-184Incomplete Blacklist
CWE-348Use of Less Trusted Source
CWE-692Incomplete Blacklist to Cross-Site Scripting
CWE-712OWASP Top Ten 2007 Category A1 - Cross Site Scripting (XSS)
Embedding Script (XSS) in HTTP Headers
CWE-20Improper Input Validation
CWE-71DEPRECATED: Apple '.DS_Store'
CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-86Improper Neutralization of Invalid Characters in Identifiers in Web Pages
CWE-96Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
CWE-116Improper Encoding or Escaping of Output
CWE-184Incomplete Blacklist
CWE-348Use of Less Trusted Source
CWE-692Incomplete Blacklist to Cross-Site Scripting
CWE-697Incorrect Comparison
CWE-713OWASP Top Ten 2007 Category A2 - Injection Flaws
XSS in IMG Tags
CWE-20Improper Input Validation
CWE-71DEPRECATED: Apple '.DS_Store'
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-82Improper Neutralization of Script in Attributes of IMG Tags in a Web Page
CWE-692Incomplete Blacklist to Cross-Site Scripting
CWE-697Incorrect Comparison
CWE-713OWASP Top Ten 2007 Category A2 - Injection Flaws
Back to Top