Search
Weaknesses
| CWE | Weakness | Actions |
|---|---|---|
| CWE-1336 |
Improper Neutralization of Special Elements Used in a Template Engine
The product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax that can be interpreted as template expressions or other code directives when processed by the engine. |
|
| CWE-138 |
Improper Neutralization of Special Elements
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as control elements or syntactic markers when they are sent to a downstream component. |
|
| CWE-97 |
Improper Neutralization of Server-Side Includes (SSI) Within a Web Page
The product generates a web page, but does not neutralize or incorrectly neutralizes user-controllable input that could be interpreted as a server-side include (SSI) directive. |
|
| CWE-145 |
Improper Neutralization of Section Delimiters
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as section delimiters when they are sent to a downstream component. |
|
| CWE-80 |
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages. |
|
| CWE-81 |
Improper Neutralization of Script in an Error Message Web Page
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters that could be interpreted as web-scripting elements when they are sent to an error page. |
|
| CWE-82 |
Improper Neutralization of Script in Attributes of IMG Tags in a Web Page
The web application does not neutralize or incorrectly neutralizes scripting elements within attributes of HTML IMG tags, such as the src attribute. |
|
| CWE-83 |
Improper Neutralization of Script in Attributes in a Web Page
The product does not neutralize or incorrectly neutralizes "javascript:" or other URIs from dangerous attributes within tags, such as onmouseover, onload, onerror, or style. |
|
| CWE-143 |
Improper Neutralization of Record Delimiters
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as record delimiters when they are sent to a downstream component. |
|
| CWE-149 |
Improper Neutralization of Quoting Syntax
Quotes injected into a product can be used to compromise a system. As data are parsed, an injected/absent/duplicate/malformed use of quotes may cause the process to take unexpected actions. |
|
| CWE-141 |
Improper Neutralization of Parameter/Argument Delimiters
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as parameter or argument delimiters when they are sent to a downstream component. |
|
| CWE-158 |
Improper Neutralization of Null Byte or NUL Character
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes NUL characters or null bytes when they are sent to a downstream component. |
|
| CWE-163 |
Improper Neutralization of Multiple Trailing Special Elements
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes multiple trailing special elements that could be interpreted in unexpected ways when they are sent to a downstream component. |
|
| CWE-161 |
Improper Neutralization of Multiple Leading Special Elements
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes multiple leading special elements that could be interpreted in unexpected ways when they are sent to a downstream component. |
|
| CWE-165 |
Improper Neutralization of Multiple Internal Special Elements
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes multiple internal special elements that could be interpreted in unexpected ways when they are sent to a downstream component. |
|
| CWE-152 |
Improper Neutralization of Macro Symbols
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as macro symbols when they are sent to a downstream component. |
|
| CWE-144 |
Improper Neutralization of Line Delimiters
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as line delimiters when they are sent to a downstream component. |
|
| CWE-160 |
Improper Neutralization of Leading Special Elements
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes leading special elements that could be interpreted in unexpected ways when they are sent to a downstream component. |
|
| CWE-86 |
Improper Neutralization of Invalid Characters in Identifiers in Web Pages
The product does not neutralize or incorrectly neutralizes invalid characters or byte sequences in the middle of tag names, URI schemes, and other identifiers. |
|
| CWE-164 |
Improper Neutralization of Internal Special Elements
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes internal special elements that could be interpreted in unexpected ways when they are sent to a downstream component. |