CWE-792 – Incomplete Filtering of One or More Instances of Special Elements
Description The software receives data from an upstream component, but does not completely filter one or more instances of special elements before sending it to...
CWE-793 – Only Filtering One Instance of a Special Element
Description The software receives data from an upstream component, but only filters a single instance of a special element before sending it to a downstream...
CWE-794 – Incomplete Filtering of Multiple Instances of Special Elements
Description The software receives data from an upstream component, but does not filter all instances of a special element before sending it to a downstream...
CWE-795 – Only Filtering Special Elements at a Specified Location
Description The software receives data from an upstream component, but only accounts for special elements at a specified location, thereby missing remaining special elements that...
CWE-796 – Only Filtering Special Elements Relative to a Marker
Description The software receives data from an upstream component, but only accounts for special elements positioned relative to a marker (e.g. "at the beginning/end of...
CWE-797 – Only Filtering Special Elements at an Absolute Position
Description The software receives data from an upstream component, but only accounts for special elements at an absolute position (e.g. "byte number 10"), thereby missing...
CWE-798 – Use of Hard-coded Credentials
Description The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external...
CWE-799 – Improper Control of Interaction Frequency
Description The software does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming...
CWE-8 – J2EE Misconfiguration: Entity Bean Declared Remote
Description When an application exposes a remote interface for an entity bean, it might also expose methods that get or set the bean's data. These...
CWE-80 – Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Description The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that...