CAPEC Related Weakness
Transaction or Event Tampering via Application API Manipulation
CWE-311 Missing Encryption of Sensitive Data
CWE-345 Insufficient Verification of Data Authenticity
CWE-346 Origin Validation Error
CWE-471 Modification of Assumed-Immutable Data (MAID)
CWE-602 Client-Side Enforcement of Server-Side Security
JSON Hijacking (aka JavaScript Hijacking)
CWE-345 Insufficient Verification of Data Authenticity
CWE-346 Origin Validation Error
CWE-352 Cross-Site Request Forgery (CSRF)
Cache Poisoning
CWE-345 Insufficient Verification of Data Authenticity
CWE-346 Origin Validation Error
CWE-348 Use of Less Trusted Source
CWE-349 Acceptance of Extraneous Untrusted Data With Trusted Data
CWE-441 Unintended Proxy or Intermediary ('Confused Deputy')
Navigation Remapping To Propagate Malicious Content
CWE-311 Missing Encryption of Sensitive Data
CWE-345 Insufficient Verification of Data Authenticity
CWE-346 Origin Validation Error
CWE-471 Modification of Assumed-Immutable Data (MAID)
CWE-602 Client-Side Enforcement of Server-Side Security
Spoofing of UDDI/ebXML Messages
CWE-345 Insufficient Verification of Data Authenticity
Application API Message Manipulation via Man-in-the-Middle
CWE-311 Missing Encryption of Sensitive Data
CWE-345 Insufficient Verification of Data Authenticity
CWE-346 Origin Validation Error
CWE-471 Modification of Assumed-Immutable Data (MAID)
CWE-602 Client-Side Enforcement of Server-Side Security
Application API Button Hijacking
CWE-311 Missing Encryption of Sensitive Data
CWE-345 Insufficient Verification of Data Authenticity
CWE-346 Origin Validation Error
CWE-471 Modification of Assumed-Immutable Data (MAID)
CWE-602 Client-Side Enforcement of Server-Side Security
DNS Cache Poisoning
CWE-345 Insufficient Verification of Data Authenticity
CWE-346 Origin Validation Error
CWE-348 Use of Less Trusted Source
CWE-349 Acceptance of Extraneous Untrusted Data With Trusted Data
CWE-350 Reliance on Reverse DNS Resolution for a Security-Critical Action
CWE-441 Unintended Proxy or Intermediary ('Confused Deputy')
Content Spoofing
CWE-345 Insufficient Verification of Data Authenticity
Application API Navigation Remapping
CWE-311 Missing Encryption of Sensitive Data
CWE-345 Insufficient Verification of Data Authenticity
CWE-346 Origin Validation Error
CWE-471 Modification of Assumed-Immutable Data (MAID)
CWE-602 Client-Side Enforcement of Server-Side Security