CWE-862 – Missing Authorization
Description: The software does not perform an authorization check when an actor attempts to access a resource or perform an action. An access control list...
CWE-86 – Improper Neutralization of Invalid Characters in Identifiers in Web Pages
Description: The software does not neutralize or incorrectly neutralizes invalid characters or byte sequences in the middle of tag names, URI schemes, and other identifiers....
CWE-85 – Doubled Character XSS Manipulations
Description: The web application does not filter user-controlled input for executable script disguised using doubling of the involved characters. Modes of Introduction: Implementation. Likelihood...
CWE-843 – Access of Resource Using Incompatible Type (‘Type Confusion’)
Description: The program allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using...
CWE-842 – Placement of User into Incorrect Group
Description: The software or the administrator places a user into an incorrect group. If the incorrect group has more access or privileges than the intended...
CWE-841 – Improper Enforcement of Behavioral Workflow
Description: The software supports a session in which more than one behavior must be performed by an actor, but it does not properly ensure that...
CWE-84 – Improper Neutralization of Encoded URI Schemes in a Web Page
Description: The web application improperly neutralizes user-controlled input for executable script disguised with URI encodings. Modes of Introduction: Architecture and Design. Likelihood of Exploit:...
CWE-839 – Numeric Range Comparison Without Minimum Check
Description: The program checks a value to ensure that it is less than or equal to a maximum, but it does not also verify that...
CWE-838 – Inappropriate Encoding for Output Context
Description: The software uses or specifies an encoding when generating output to a downstream component, but the specified encoding is not the same as the...
CWE-837 – Improper Enforcement of a Single, Unique Action
Description: The software requires that an actor should only be able to perform an action once, or to have only one unique action, but the...