| CWE-20 | Improper Input Validation |
| CWE-79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| CWE-86 | Improper Neutralization of Invalid Characters in Identifiers in Web Pages |
| CWE-96 | Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') |
| CWE-113 | Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') |
| CWE-116 | Improper Encoding or Escaping of Output |
| CWE-184 | Incomplete List of Disallowed Inputs |
| CWE-348 | Use of Less Trusted Source |
| CWE-692 | Incomplete Denylist to Cross-Site Scripting |
| CWE-712 | OWASP Top Ten 2007 Category A1 - Cross Site Scripting (XSS) |
