CWE-843 – Access of Resource Using Incompatible Type (‘Type Confusion’)
Description The program allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using...
CWE-85 – Doubled Character XSS Manipulations
Description The web application does not filter user-controlled input for executable script disguised using doubling of the involved characters. Modes of Introduction: - Implementation Likelihood...
CWE-86 – Improper Neutralization of Invalid Characters in Identifiers in Web Pages
Description The software does not neutralize or incorrectly neutralizes invalid characters or byte sequences in the middle of tag names, URI schemes, and other identifiers....
CWE-862 – Missing Authorization
Description The software does not perform an authorization check when an actor attempts to access a resource or perform an action. An access control list...
CWE-863 – Incorrect Authorization
Description The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform...
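The two entries above are easiest to tell apart side by side. The following Python is an added example, not text from the CWE entries: a tiny document service with a server-side session table, where one handler performs no authorization check at all (CWE-862), one performs a check that trusts a client-supplied role claim (CWE-863), and one decides purely from server-side state. The session tokens, users, document store and the `role` request field are all constructed for the example.

```python
from dataclasses import dataclass


class Forbidden(Exception):
    """Raised when an access check denies the request."""


@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset


@dataclass(frozen=True)
class Document:
    doc_id: int
    owner: str
    body: str


# Constructed sample data: server-side session table and document store.
SESSIONS = {
    "tok-alice": User("alice", frozenset()),
    "tok-bob": User("bob", frozenset()),
    "tok-ops": User("ops", frozenset({"admin"})),
}
DOCS = {
    1: Document(1, "alice", "alice's private notes"),
    2: Document(2, "bob", "bob's private notes"),
}


def read_doc_missing_authz(request):
    # CWE-862: the caller is authenticated (token lookup succeeds) but nothing
    # checks whether this user may read this particular document.
    SESSIONS[request["token"]]
    return DOCS[request["doc_id"]].body


def read_doc_incorrect_authz(request):
    # CWE-863: a check exists, but it trusts a role claim supplied by the
    # client in the request instead of the roles recorded server-side.
    user = SESSIONS[request["token"]]
    doc = DOCS[request["doc_id"]]
    if request.get("role") == "admin" or doc.owner == user.name:
        return doc.body
    raise Forbidden(f"{user.name} may not read doc {doc.doc_id}")


def read_doc_correct_authz(request):
    # The decision uses only server-side state: the session's roles and the
    # document's owner. Client-supplied fields never influence it.
    user = SESSIONS[request["token"]]
    doc = DOCS[request["doc_id"]]
    if "admin" in user.roles or doc.owner == user.name:
        return doc.body
    raise Forbidden(f"{user.name} may not read doc {doc.doc_id}")


def outcome(handler, request):
    """Return 'allowed' or 'denied' for a handler/request pair."""
    try:
        handler(request)
        return "allowed"
    except Forbidden:
        return "denied"


if __name__ == "__main__":
    # Bob tries to read Alice's document while claiming to be an admin.
    attack = {"token": "tok-bob", "doc_id": 1, "role": "admin"}
    for h in (read_doc_missing_authz, read_doc_incorrect_authz, read_doc_correct_authz):
        print(f"{h.__name__}: {outcome(h, attack)}")
```

The practical distinction: for CWE-862 the fix is to add the check; for CWE-863 the check is already there and the review question is what data it consults and whether the attacker controls any of it.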
CWE-87 – Improper Neutralization of Alternate XSS Syntax
Description The software does not neutralize or incorrectly neutralizes user-controlled input for alternate script syntax. Modes of Introduction: - Implementation Likelihood of Exploit: Related...
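CWE-85, CWE-86 and CWE-87 are three ways the same kind of defence fails: a filter that tries to recognise script rather than encode output. The Python below is an added example, not part of the CWE text. It runs a representative one-pass blocklist over one constructed payload per entry (doubled characters, an invalid byte inside a tag name, and an event-handler attribute that uses no `script` tag at all) and contrasts it with `html.escape`. The `lenient_client_view` helper is an assumption that models an HTML consumer which drops NUL bytes in tag names, as some older browsers did; current browsers replace NUL with U+FFFD, so that particular payload depends on the client.

```python
import html
import re

# Constructed payloads, one per weakness in this group of entries.
PAYLOADS = {
    "CWE-85 doubled characters": "<scr<script>ipt>alert(1)</scr</script>ipt>",
    "CWE-86 invalid chars in tag name": "<scr\x00ipt>alert(1)</scr\x00ipt>",
    "CWE-87 alternate syntax": "<img src=x onerror=alert(1)>",
}


def blocklist_filter(untrusted):
    # Representative weak defence: one pass that deletes <script ...> and
    # </script> tags. It is not applied repeatedly and knows nothing about
    # event-handler attributes or oddly spelled tag names.
    return re.sub(r"</?script[^>]*>", "", untrusted, flags=re.IGNORECASE)


def lenient_client_view(markup):
    # Assumption for the CWE-86 case: models an HTML consumer that drops NUL
    # bytes inside tag names, as some older browsers did. Current browsers
    # replace NUL with U+FFFD, so this payload is client-dependent.
    return markup.replace("\x00", "")


def looks_executable(markup):
    # Crude oracle: a real <script> tag, or any tag carrying an on*= handler.
    pattern = r"<\s*script|<[a-z]+[^>]*\son\w+\s*="
    return re.search(pattern, markup, re.IGNORECASE) is not None


def encode_for_html_text(untrusted):
    # Correct defence for an HTML text context: encode every character that
    # has meaning to the HTML parser instead of trying to recognise attacks.
    return html.escape(untrusted, quote=True)


def bypasses_blocklist(payload):
    return looks_executable(lenient_client_view(blocklist_filter(payload)))


def survives_encoding(payload):
    return looks_executable(lenient_client_view(encode_for_html_text(payload)))


if __name__ == "__main__":
    for label, payload in PAYLOADS.items():
        print(f"{label}: blocklist bypassed={bypasses_blocklist(payload)}, "
              f"encoded still executable={survives_encoding(payload)}")
```

`html.escape` is right for an HTML text or quoted-attribute context only; output placed inside a JavaScript string, a URL or a CSS value needs the encoding for that context, which is why the fix is contextual output encoding rather than a better blocklist.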
CWE-88 – Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’)
Description The software constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit...
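Argument injection is often confused with command injection (CWE-78); the point of CWE-88 is that even with no shell involved, user input can still be read as an option by the program that receives it. The Python below is an added example, not from the CWE entry. The `archiver` tool and its `--run-after` option are hypothetical stand-ins modelled with `argparse`, chosen because many real tools carry an option of that kind. It shows argument construction by string splitting, by argument list, and with the `--` end-of-options marker.

```python
import argparse
import shlex


def parse_archiver_argv(argv):
    # Hypothetical 'archiver' CLI modelled with argparse (an assumption, not a
    # real tool). Its --run-after option stands in for the dangerous options
    # many real tools have: it names a program to execute afterwards.
    p = argparse.ArgumentParser(prog="archiver", add_help=False)
    p.add_argument("--run-after", metavar="PROGRAM", default=None)
    p.add_argument("files", nargs="*")
    return p.parse_args(argv)


def argv_from_string(user_file):
    # Vulnerable: builds one command string and re-splits it. Whitespace and
    # quotes in the user input become additional arguments.
    return shlex.split(f"archiver {user_file}")[1:]


def argv_from_list(user_file):
    # Still vulnerable: avoiding the shell prevents command injection
    # (CWE-78), but the tool's own option parser still treats a leading '-'
    # as an option.
    return [user_file]


def argv_hardened(user_file):
    # Fixed: '--' tells the option parser that everything after it is
    # positional, so the user input can only ever be a file name.
    return ["--", user_file]


def run_after_triggered(argv):
    """True if the constructed argv would make the tool run a program."""
    ns = parse_archiver_argv(argv)
    return ns.run_after is not None


if __name__ == "__main__":
    # Constructed payloads: one relies on a delimiter (space), one on the
    # option prefix alone.
    for payload in ("notes.txt --run-after=/tmp/evil.sh", "--run-after=/tmp/evil.sh"):
        for build in (argv_from_string, argv_from_list, argv_hardened):
            argv = build(payload)
            print(f"{build.__name__}({payload!r}) -> {argv} "
                  f"run_after_triggered={run_after_triggered(argv)}")
```

`--` works only where the receiving program honours it; for tools that do not, reject or prefix values that start with `-` (for example by passing `./` + name for file paths) before they reach the argument list.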
CWE-89 – Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)
Description The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly...
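The following Python is an added example, not from the CWE entry: a login query built by string formatting next to the same query with bound parameters, run against a constructed in-memory SQLite database. Two constructed payloads are used, one that makes the `WHERE` clause always true and one that pulls the password column through a `UNION`; in both, `--` starts an SQL comment that discards the rest of the original statement.

```python
import sqlite3


def make_db():
    # Constructed in-memory database with two users.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2")],
    )
    return conn


def login_vulnerable(conn, username, password):
    # CWE-89: untrusted input is spliced into the SQL text, so quotes,
    # operators and comment markers in it change the statement's structure.
    query = (
        "SELECT username FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return [row[0] for row in conn.execute(query)]


def login_parameterized(conn, username, password):
    # Fixed: the statement is fixed text; values travel separately as bound
    # parameters and can only ever be compared as data.
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(query, (username, password))]


# Constructed payloads. '--' begins an SQL comment that swallows the
# remainder of the original statement, including the password check.
BYPASS = "' OR '1'='1' --"
UNION = "' UNION SELECT password FROM users --"

if __name__ == "__main__":
    conn = make_db()
    print("vulnerable, bypass:   ", login_vulnerable(conn, BYPASS, "x"))
    print("vulnerable, union:    ", sorted(login_vulnerable(conn, UNION, "x")))
    print("parameterized, bypass:", login_parameterized(conn, BYPASS, "x"))
    print("parameterized, honest:", login_parameterized(conn, "alice", "s3cret"))
```

Parameters cover values only; identifiers such as table or column names and `ORDER BY` targets cannot be bound and must be checked against an allow-list before being placed in the statement text.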
CWE-9 – J2EE Misconfiguration: Weak Access Permissions for EJB Methods
Description If elevated access rights are assigned to EJB methods, then an attacker can take advantage of the permissions to exploit the software system. If...
CWE-90 – Improper Neutralization of Special Elements used in an LDAP Query (‘LDAP Injection’)
Description The software constructs all or part of an LDAP query using externally-influenced input from an upstream component, but it does not neutralize or incorrectly...