CWE-793 – Only Filtering One Instance of a Special Element
Description The software receives data from an upstream component, but only filters a single instance of a special element before sending it to a downstream...
CWE-794 – Incomplete Filtering of Multiple Instances of Special Elements
Description The software receives data from an upstream component, but does not filter all instances of a special element before sending it to a downstream...
CWE-795 – Only Filtering Special Elements at a Specified Location
Description The software receives data from an upstream component, but only accounts for special elements at a specified location, thereby missing remaining special elements that...
CWE-796 – Only Filtering Special Elements Relative to a Marker
Description The software receives data from an upstream component, but only accounts for special elements positioned relative to a marker (e.g. "at the beginning/end of...
CWE-797 – Only Filtering Special Elements at an Absolute Position
Description The software receives data from an upstream component, but only accounts for special elements at an absolute position (e.g. "byte number 10"), thereby missing...
CWE-798 – Use of Hard-coded Credentials
Description The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external...
CWE-799 – Improper Control of Interaction Frequency
Description The software does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming...
CWE-8 – J2EE Misconfiguration: Entity Bean Declared Remote
Description When an application exposes a remote interface for an entity bean, it might also expose methods that get or set the bean's data. These...
CWE-80 – Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Description The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that...
CWE-804 – Guessable CAPTCHA
Description The software uses a CAPTCHA challenge, but the challenge can be guessed or automatically recognized by a non-human actor. Modes of Introduction: - Architecture...