CAPEC Related Weakness
Using Leading 'Ghost' Character Sequences to Bypass Input Filters
CWE-20 Improper Input Validation
CWE-41 Improper Resolution of Path Equivalence
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-171
CWE-172 Encoding Error
CWE-173 Improper Handling of Alternate Encoding
CWE-179 Incorrect Behavior Order: Early Validation
CWE-180 Incorrect Behavior Order: Validate Before Canonicalize
CWE-181 Incorrect Behavior Order: Validate Before Filter
CWE-183 Permissive List of Allowed Inputs
CWE-184 Incomplete List of Disallowed Inputs
CWE-697 Incorrect Comparison
CWE-707 Improper Neutralization
Exploiting Multiple Input Interpretation Layers
CWE-20 Improper Input Validation
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-171
CWE-179 Incorrect Behavior Order: Early Validation
CWE-181 Incorrect Behavior Order: Validate Before Filter
CWE-183 Permissive List of Allowed Inputs
CWE-184 Incomplete List of Disallowed Inputs
CWE-697 Incorrect Comparison
CWE-707 Improper Neutralization
Double Encoding
CWE-20 Improper Input Validation
CWE-21
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-171
CWE-172 Encoding Error
CWE-173 Improper Handling of Alternate Encoding
CWE-177 Improper Handling of URL Encoding (Hex Encoding)
CWE-181 Incorrect Behavior Order: Validate Before Filter
CWE-183 Permissive List of Allowed Inputs
CWE-184 Incomplete List of Disallowed Inputs
CWE-692 Incomplete Denylist to Cross-Site Scripting
CWE-697 Incorrect Comparison
Using Unicode Encoding to Bypass Validation Logic
CWE-20 Improper Input Validation
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-171
CWE-172 Encoding Error
CWE-173 Improper Handling of Alternate Encoding
CWE-176 Improper Handling of Unicode Encoding
CWE-179 Incorrect Behavior Order: Early Validation
CWE-180 Incorrect Behavior Order: Validate Before Canonicalize
CWE-183 Permissive List of Allowed Inputs
CWE-184 Incomplete List of Disallowed Inputs
CWE-692 Incomplete Denylist to Cross-Site Scripting
CWE-697 Incorrect Comparison