CAPEC Related Weakness
User-Controlled Filename
CWE-20 Improper Input Validation
CWE-86 Improper Neutralization of Invalid Characters in Identifiers in Web Pages
CWE-96 Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
CWE-116 Improper Encoding or Escaping of Output
CWE-184 Incomplete List of Disallowed Inputs
CWE-348 Use of Less Trusted Source
CWE-350 Reliance on Reverse DNS Resolution for a Security-Critical Action
CWE-697 Incorrect Comparison
AJAX Footprinting
CWE-20 Improper Input Validation
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-86 Improper Neutralization of Invalid Characters in Identifiers in Web Pages
CWE-96 Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
CWE-113 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
CWE-116 Improper Encoding or Escaping of Output
CWE-184 Incomplete List of Disallowed Inputs
CWE-348 Use of Less Trusted Source
CWE-692 Incomplete Denylist to Cross-Site Scripting
CWE-712 OWASP Top Ten 2007 Category A1 - Cross Site Scripting (XSS)
Manipulating User-Controlled Variables
CWE-15 External Control of System or Configuration Setting
CWE-94 Improper Control of Generation of Code ('Code Injection')
CWE-96 Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
CWE-285 Improper Authorization
CWE-302 Authentication Bypass by Assumed-Immutable Data
CWE-473 PHP External Variable Modification
CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Web Logs Tampering
CWE-20 Improper Input Validation
CWE-75 Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection')
CWE-96 Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
CWE-116 Improper Encoding or Escaping of Output
CWE-117 Improper Output Neutralization for Logs
CWE-150 Improper Neutralization of Escape, Meta, or Control Sequences
CWE-221 Information Loss or Omission
CWE-276 Incorrect Default Permissions
CWE-279 Incorrect Execution-Assigned Permissions
CWE-713 OWASP Top Ten 2007 Category A2 - Injection Flaws
Leverage Executable Code in Non-Executable Files
CWE-59 Improper Link Resolution Before File Access ('Link Following')
CWE-94 Improper Control of Generation of Code ('Code Injection')
CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
CWE-96 Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
CWE-97 Improper Neutralization of Server-Side Includes (SSI) Within a Web Page
CWE-264 Permissions, Privileges, and Access Controls
CWE-270 Privilege Context Switching Error
CWE-272 Least Privilege Violation
CWE-275 Permission Issues
CWE-282 Improper Ownership Management
CWE-714 OWASP Top Ten 2007 Category A3 - Malicious File Execution