Using Slashes and URL Encoding Combined to Bypass Validation Logic |
CWE-20
|
Improper Input Validation
|
CWE-21
|
|
CWE-22
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
|
CWE-73
|
External Control of File Name or Path
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
CWE-171
|
|
CWE-172
|
Encoding Error
|
CWE-173
|
Improper Handling of Alternate Encoding
|
CWE-177
|
Improper Handling of URL Encoding (Hex Encoding)
|
CWE-697
|
Incorrect Comparison
|
CWE-707
|
Improper Neutralization
|
|
String Format Overflow in syslog() |
CWE-20
|
Improper Input Validation
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
CWE-120
|
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
|
CWE-134
|
Use of Externally-Controlled Format String
|
CWE-680
|
Integer Overflow to Buffer Overflow
|
CWE-697
|
Incorrect Comparison
|
|
URL Encoding |
CWE-20
|
Improper Input Validation
|
CWE-21
|
|
CWE-73
|
External Control of File Name or Path
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
CWE-171
|
|
CWE-172
|
Encoding Error
|
CWE-173
|
Improper Handling of Alternate Encoding
|
CWE-177
|
Improper Handling of URL Encoding (Hex Encoding)
|
|
OS Command Injection |
CWE-20
|
Improper Input Validation
|
CWE-78
|
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
|
CWE-88
|
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
|
CWE-697
|
Incorrect Comparison
|
CWE-713
|
OWASP Top Ten 2007 Category A2 - Injection Flaws
|
|
XML Nested Payloads |
CWE-19
|
Data Processing Errors
|
CWE-20
|
Improper Input Validation
|
CWE-112
|
Missing XML Validation
|
CWE-674
|
Uncontrolled Recursion
|
CWE-770
|
Allocation of Resources Without Limits or Throttling
|
|
Fuzzing for garnering other adjacent user/sensitive data |
CWE-20
|
Improper Input Validation
|
|
MIME Conversion |
CWE-20
|
Improper Input Validation
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
CWE-119
|
Improper Restriction of Operations within the Bounds of a Memory Buffer
|
CWE-120
|
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
|
|
Format String Injection |
CWE-20
|
Improper Input Validation
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
CWE-133
|
String Errors
|
CWE-134
|
Use of Externally-Controlled Format String
|
|
Flash Injection |
CWE-20
|
Improper Input Validation
|
CWE-184
|
Incomplete List of Disallowed Inputs
|
CWE-697
|
Incorrect Comparison
|
|
Cross-Site Scripting (XSS) |
CWE-20
|
Improper Input Validation
|
CWE-79
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
|
|
XSS Using MIME Type Mismatch |
CWE-20
|
Improper Input Validation
|
CWE-79
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
|
CWE-646
|
Reliance on File Name or Extension of Externally-Supplied File
|
|
Using Escaped Slashes in Alternate Encoding |
CWE-20
|
Improper Input Validation
|
CWE-21
|
|
CWE-22
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
|
CWE-73
|
External Control of File Name or Path
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
CWE-171
|
|
CWE-172
|
Encoding Error
|
CWE-173
|
Improper Handling of Alternate Encoding
|
CWE-180
|
Incorrect Behavior Order: Validate Before Canonicalize
|
CWE-181
|
Incorrect Behavior Order: Validate Before Filter
|
CWE-697
|
Incorrect Comparison
|
CWE-707
|
Improper Neutralization
|
|
Leverage Alternate Encoding |
CWE-20
|
Improper Input Validation
|
CWE-21
|
|
CWE-73
|
External Control of File Name or Path
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
CWE-171
|
|
CWE-172
|
Encoding Error
|
CWE-173
|
Improper Handling of Alternate Encoding
|
CWE-180
|
Incorrect Behavior Order: Validate Before Canonicalize
|
CWE-181
|
Incorrect Behavior Order: Validate Before Filter
|
CWE-692
|
Incomplete Denylist to Cross-Site Scripting
|
CWE-697
|
Incorrect Comparison
|
|
Overflow Variables and Tags |
CWE-20
|
Improper Input Validation
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
CWE-118
|
Incorrect Access of Indexable Resource ('Range Error')
|
CWE-119
|
Improper Restriction of Operations within the Bounds of a Memory Buffer
|
CWE-120
|
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
|
CWE-680
|
Integer Overflow to Buffer Overflow
|
CWE-697
|
Incorrect Comparison
|
CWE-733
|
Compiler Optimization Removal or Modification of Security-critical Code
|
|
Blind SQL Injection |
CWE-20
|
Improper Input Validation
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
CWE-89
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
|
CWE-209
|
Generation of Error Message Containing Sensitive Information
|
CWE-697
|
Incorrect Comparison
|
CWE-707
|
Improper Neutralization
|
CWE-713
|
OWASP Top Ten 2007 Category A2 - Injection Flaws
|
|
Buffer Overflow in an API Call |
CWE-20
|
Improper Input Validation
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
CWE-118
|
Incorrect Access of Indexable Resource ('Range Error')
|
CWE-119
|
Improper Restriction of Operations within the Bounds of a Memory Buffer
|
CWE-120
|
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
|
CWE-680
|
Integer Overflow to Buffer Overflow
|
CWE-697
|
Incorrect Comparison
|
CWE-733
|
Compiler Optimization Removal or Modification of Security-critical Code
|
|
Cross Zone Scripting |
CWE-20
|
Improper Input Validation
|
CWE-116
|
Improper Encoding or Escaping of Output
|
CWE-250
|
Execution with Unnecessary Privileges
|
CWE-285
|
Improper Authorization
|
CWE-638
|
Not Using Complete Mediation
|
|
Command Line Execution through SQL Injection |
CWE-20
|
Improper Input Validation
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
CWE-78
|
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
|
CWE-89
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
|
CWE-114
|
Process Control
|
|
LDAP Injection |
CWE-20
|
Improper Input Validation
|
CWE-77
|
Improper Neutralization of Special Elements used in a Command ('Command Injection')
|
CWE-90
|
Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
|
|
Client-side Injection-induced Buffer Overflow |
CWE-20
|
Improper Input Validation
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
CWE-118
|
Incorrect Access of Indexable Resource ('Range Error')
|
CWE-119
|
Improper Restriction of Operations within the Bounds of a Memory Buffer
|
CWE-120
|
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
|
CWE-353
|
Missing Support for Integrity Check
|
CWE-680
|
Integer Overflow to Buffer Overflow
|
CWE-697
|
Incorrect Comparison
|
CWE-713
|
OWASP Top Ten 2007 Category A2 - Injection Flaws
|
|
Exploiting Trust in Client |
CWE-20
|
Improper Input Validation
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
CWE-287
|
Improper Authentication
|
CWE-290
|
Authentication Bypass by Spoofing
|
CWE-693
|
Protection Mechanism Failure
|
|
File Content Injection |
CWE-20
|
Improper Input Validation
|
|
Oversized Serialized Data Payloads |
CWE-19
|
Data Processing Errors
|
CWE-20
|
Improper Input Validation
|
CWE-112
|
Missing XML Validation
|
CWE-674
|
Uncontrolled Recursion
|
CWE-770
|
Allocation of Resources Without Limits or Throttling
|
|
Filter Failure through Buffer Overflow |
CWE-20
|
Improper Input Validation
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
CWE-118
|
Incorrect Access of Indexable Resource ('Range Error')
|
CWE-119
|
Improper Restriction of Operations within the Bounds of a Memory Buffer
|
CWE-120
|
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
|
CWE-680
|
Integer Overflow to Buffer Overflow
|
CWE-697
|
Incorrect Comparison
|
CWE-733
|
Compiler Optimization Removal or Modification of Security-critical Code
|
|
Accessing/Intercepting/Modifying HTTP Cookies |
CWE-20
|
Improper Input Validation
|
CWE-113
|
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
|
CWE-302
|
Authentication Bypass by Assumed-Immutable Data
|
CWE-311
|
Missing Encryption of Sensitive Data
|
CWE-315
|
Cleartext Storage of Sensitive Information in a Cookie
|
CWE-384
|
Session Fixation
|
CWE-472
|
External Control of Assumed-Immutable Web Parameter
|
CWE-539
|
Use of Persistent Cookies Containing Sensitive Information
|
CWE-565
|
Reliance on Cookies without Validation and Integrity Checking
|
CWE-602
|
Client-Side Enforcement of Server-Side Security
|
CWE-642
|
External Control of Critical State Data
|
CWE-724
|
OWASP Top Ten 2004 Category A3 - Broken Authentication and Session Management
|
|
Exploiting Multiple Input Interpretation Layers |
CWE-20
|
Improper Input Validation
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
CWE-77
|
Improper Neutralization of Special Elements used in a Command ('Command Injection')
|
CWE-78
|
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
|
CWE-171
|
|
CWE-179
|
Incorrect Behavior Order: Early Validation
|
CWE-181
|
Incorrect Behavior Order: Validate Before Filter
|
CWE-183
|
Permissive List of Allowed Inputs
|
CWE-184
|
Incomplete List of Disallowed Inputs
|
CWE-697
|
Incorrect Comparison
|
CWE-707
|
Improper Neutralization
|
|
Buffer Overflow via Symbolic Links |
CWE-20
|
Improper Input Validation
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
CWE-118
|
Incorrect Access of Indexable Resource ('Range Error')
|
CWE-119
|
Improper Restriction of Operations within the Bounds of a Memory Buffer
|
CWE-120
|
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
|
CWE-285
|
Improper Authorization
|
CWE-302
|
Authentication Bypass by Assumed-Immutable Data
|
CWE-680
|
Integer Overflow to Buffer Overflow
|
CWE-697
|
Incorrect Comparison
|
|
Buffer Overflow via Parameter Expansion |
CWE-20
|
Improper Input Validation
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
CWE-118
|
Incorrect Access of Indexable Resource ('Range Error')
|
CWE-119
|
Improper Restriction of Operations within the Bounds of a Memory Buffer
|
CWE-120
|
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
|
CWE-130
|
Improper Handling of Length Parameter Inconsistency
|
CWE-131
|
Incorrect Calculation of Buffer Size
|
CWE-680
|
Integer Overflow to Buffer Overflow
|
CWE-697
|
Incorrect Comparison
|
|
Using Unicode Encoding to Bypass Validation Logic |
CWE-20
|
Improper Input Validation
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
CWE-171
|
|
CWE-172
|
Encoding Error
|
CWE-173
|
Improper Handling of Alternate Encoding
|
CWE-176
|
Improper Handling of Unicode Encoding
|
CWE-179
|
Incorrect Behavior Order: Early Validation
|
CWE-180
|
Incorrect Behavior Order: Validate Before Canonicalize
|
CWE-183
|
Permissive List of Allowed Inputs
|
CWE-184
|
Incomplete List of Disallowed Inputs
|
CWE-692
|
Incomplete Denylist to Cross-Site Scripting
|
CWE-697
|
Incorrect Comparison
|
|
AJAX Footprinting |
CWE-20
|
Improper Input Validation
|
CWE-79
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
|
CWE-86
|
Improper Neutralization of Invalid Characters in Identifiers in Web Pages
|
CWE-96
|
Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
|
CWE-113
|
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
|
CWE-116
|
Improper Encoding or Escaping of Output
|
CWE-184
|
Incomplete List of Disallowed Inputs
|
CWE-348
|
Use of Less Trusted Source
|
CWE-692
|
Incomplete Denylist to Cross-Site Scripting
|
CWE-712
|
OWASP Top Ten 2007 Category A1 - Cross Site Scripting (XSS)
|
|
Postfix, Null Terminate, and Backslash |
CWE-20
|
Improper Input Validation
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
CWE-158
|
Improper Neutralization of Null Byte or NUL Character
|
CWE-171
|
|
CWE-172
|
Encoding Error
|
CWE-173
|
Improper Handling of Alternate Encoding
|
CWE-697
|
Incorrect Comparison
|
CWE-707
|
Improper Neutralization
|
|
Buffer Overflow in Local Command-Line Utilities |
CWE-20
|
Improper Input Validation
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
CWE-118
|
Incorrect Access of Indexable Resource ('Range Error')
|
CWE-119
|
Improper Restriction of Operations within the Bounds of a Memory Buffer
|
CWE-120
|
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
|
CWE-680
|
Integer Overflow to Buffer Overflow
|
CWE-697
|
Incorrect Comparison
|
CWE-733
|
Compiler Optimization Removal or Modification of Security-critical Code
|
|
Subverting Environment Variable Values |
CWE-15
|
External Control of System or Configuration Setting
|
CWE-20
|
Improper Input Validation
|
CWE-73
|
External Control of File Name or Path
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
CWE-285
|
Improper Authorization
|
CWE-302
|
Authentication Bypass by Assumed-Immutable Data
|
CWE-353
|
Missing Support for Integrity Check
|
|
Input Data Manipulation |
CWE-20
|
Improper Input Validation
|
|
XML Injection |
CWE-20
|
Improper Input Validation
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
CWE-91
|
XML Injection (aka Blind XPath Injection)
|
CWE-707
|
Improper Neutralization
|
CWE-713
|
OWASP Top Ten 2007 Category A2 - Injection Flaws
|
|
Using Leading 'Ghost' Character Sequences to Bypass Input Filters |
CWE-20
|
Improper Input Validation
|
CWE-41
|
Improper Resolution of Path Equivalence
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
CWE-171
|
|
CWE-172
|
Encoding Error
|
CWE-173
|
Improper Handling of Alternate Encoding
|
CWE-179
|
Incorrect Behavior Order: Early Validation
|
CWE-180
|
Incorrect Behavior Order: Validate Before Canonicalize
|
CWE-181
|
Incorrect Behavior Order: Validate Before Filter
|
CWE-183
|
Permissive List of Allowed Inputs
|
CWE-184
|
Incomplete List of Disallowed Inputs
|
CWE-697
|
Incorrect Comparison
|
CWE-707
|
Improper Neutralization
|
|
Embedding NULL Bytes |
CWE-20
|
Improper Input Validation
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
CWE-158
|
Improper Neutralization of Null Byte or NUL Character
|
CWE-171
|
|
CWE-172
|
Encoding Error
|
CWE-173
|
Improper Handling of Alternate Encoding
|
CWE-697
|
Incorrect Comparison
|
CWE-707
|
Improper Neutralization
|
|
Using Slashes in Alternate Encoding |
CWE-20
|
Improper Input Validation
|
CWE-21
|
|
CWE-22
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
|
CWE-73
|
External Control of File Name or Path
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
CWE-171
|
|
CWE-173
|
Improper Handling of Alternate Encoding
|
CWE-180
|
Incorrect Behavior Order: Validate Before Canonicalize
|
CWE-181
|
Incorrect Behavior Order: Validate Before Filter
|
CWE-185
|
Incorrect Regular Expression
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
CWE-697
|
Incorrect Comparison
|
CWE-707
|
Improper Neutralization
|
|
XPath Injection |
CWE-20
|
Improper Input Validation
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
CWE-91
|
XML Injection (aka Blind XPath Injection)
|
CWE-707
|
Improper Neutralization
|
CWE-713
|
OWASP Top Ten 2007 Category A2 - Injection Flaws
|
|
Buffer Overflow via Environment Variables |
CWE-20
|
Improper Input Validation
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
CWE-99
|
Improper Control of Resource Identifiers ('Resource Injection')
|
CWE-118
|
Incorrect Access of Indexable Resource ('Range Error')
|
CWE-119
|
Improper Restriction of Operations within the Bounds of a Memory Buffer
|
CWE-120
|
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
|
CWE-302
|
Authentication Bypass by Assumed-Immutable Data
|
CWE-680
|
Integer Overflow to Buffer Overflow
|
CWE-697
|
Incorrect Comparison
|
CWE-733
|
Compiler Optimization Removal or Modification of Security-critical Code
|
|
Server Side Include (SSI) Injection |
CWE-20
|
Improper Input Validation
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
CWE-97
|
Improper Neutralization of Server-Side Includes (SSI) Within a Web Page
|
CWE-713
|
OWASP Top Ten 2007 Category A2 - Injection Flaws
|
|
Object Relational Mapping Injection |
CWE-20
|
Improper Input Validation
|
CWE-89
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
|
CWE-100
|
|
CWE-564
|
SQL Injection: Hibernate
|
|
SQL Injection through SOAP Parameter Tampering |
CWE-20
|
Improper Input Validation
|
CWE-89
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
|
|
Double Encoding |
CWE-20
|
Improper Input Validation
|
CWE-21
|
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
CWE-171
|
|
CWE-172
|
Encoding Error
|
CWE-173
|
Improper Handling of Alternate Encoding
|
CWE-177
|
Improper Handling of URL Encoding (Hex Encoding)
|
CWE-181
|
Incorrect Behavior Order: Validate Before Filter
|
CWE-183
|
Permissive List of Allowed Inputs
|
CWE-184
|
Incomplete List of Disallowed Inputs
|
CWE-692
|
Incomplete Denylist to Cross-Site Scripting
|
CWE-697
|
Incorrect Comparison
|
|
Fuzzing |
CWE-20
|
Improper Input Validation
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
CWE-388
|
7PK - Errors
|
|
Signature Spoof |
CWE-20
|
Improper Input Validation
|
CWE-290
|
Authentication Bypass by Spoofing
|
CWE-327
|
Use of a Broken or Risky Cryptographic Algorithm
|
|
DOM-Based XSS |
CWE-20
|
Improper Input Validation
|
CWE-79
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
|
CWE-83
|
Improper Neutralization of Script in Attributes in a Web Page
|
|
Web Logs Tampering |
CWE-20
|
Improper Input Validation
|
CWE-75
|
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
|
CWE-93
|
Improper Neutralization of CRLF Sequences ('CRLF Injection')
|
CWE-96
|
Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
|
CWE-116
|
Improper Encoding or Escaping of Output
|
CWE-117
|
Improper Output Neutralization for Logs
|
CWE-150
|
Improper Neutralization of Escape, Meta, or Control Sequences
|
CWE-221
|
Information Loss or Omission
|
CWE-276
|
Incorrect Default Permissions
|
CWE-279
|
Incorrect Execution-Assigned Permissions
|
CWE-713
|
OWASP Top Ten 2007 Category A2 - Injection Flaws
|
|
User-Controlled Filename |
CWE-20
|
Improper Input Validation
|
CWE-86
|
Improper Neutralization of Invalid Characters in Identifiers in Web Pages
|
CWE-96
|
Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
|
CWE-116
|
Improper Encoding or Escaping of Output
|
CWE-184
|
Incomplete List of Disallowed Inputs
|
CWE-348
|
Use of Less Trusted Source
|
CWE-350
|
Reliance on Reverse DNS Resolution for a Security-Critical Action
|
CWE-697
|
Incorrect Comparison
|
|
Using UTF-8 Encoding to Bypass Validation Logic |
CWE-20
|
Improper Input Validation
|
CWE-21
|
|
CWE-73
|
External Control of File Name or Path
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
CWE-171
|
|
CWE-172
|
Encoding Error
|
CWE-173
|
Improper Handling of Alternate Encoding
|
CWE-180
|
Incorrect Behavior Order: Validate Before Canonicalize
|
CWE-181
|
Incorrect Behavior Order: Validate Before Filter
|
CWE-692
|
Incomplete Denylist to Cross-Site Scripting
|
CWE-697
|
Incorrect Comparison
|
|