CWE-1347: OWASP Top Ten 2021 Category A03:2021 - Injection
ID
CWE-1347
Status
Incomplete
Weaknesses in this category are related to the A03 category "Injection" in the OWASP Top Ten 2021.
Relationships
| View | Weakness | ||||||
|---|---|---|---|---|---|---|---|
| # ID | Name | # ID | Name | Abstraction | Structure | Status | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-20 | Improper Input Validation | Class | Simple | Stable | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') | Class | Simple | Incomplete | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-75 | Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) | Class | Simple | Draft | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') | Class | Simple | Draft | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | Base | Simple | Stable | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Base | Simple | Stable | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-80 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) | Variant | Simple | Incomplete | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-83 | Improper Neutralization of Script in Attributes in a Web Page | Variant | Simple | Draft | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-87 | Improper Neutralization of Alternate XSS Syntax | Variant | Simple | Draft | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-88 | Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') | Base | Simple | Draft | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | Base | Simple | Stable | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-90 | Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') | Base | Simple | Draft | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-91 | XML Injection (aka Blind XPath Injection) | Base | Simple | Draft | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-93 | Improper Neutralization of CRLF Sequences ('CRLF Injection') | Base | Simple | Draft | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-94 | Improper Control of Generation of Code ('Code Injection') | Base | Simple | Draft | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-95 | Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') | Variant | Simple | Incomplete | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-96 | Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') | Base | Simple | Draft | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-97 | Improper Neutralization of Server-Side Includes (SSI) Within a Web Page | Variant | Simple | Draft | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-98 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') | Variant | Simple | Draft | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-99 | Improper Control of Resource Identifiers ('Resource Injection') | Class | Simple | Draft | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-113 | Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') | Variant | Simple | Incomplete | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-116 | Improper Encoding or Escaping of Output | Class | Simple | Draft | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-138 | Improper Neutralization of Special Elements | Class | Simple | Draft | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-184 | Incomplete List of Disallowed Inputs | Base | Simple | Draft | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-470 | Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') | Base | Simple | Draft | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-471 | Modification of Assumed-Immutable Data (MAID) | Base | Simple | Draft | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-564 | SQL Injection: Hibernate | Variant | Simple | Incomplete | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-610 | Externally Controlled Reference to a Resource in Another Sphere | Class | Simple | Draft | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-643 | Improper Neutralization of Data within XPath Expressions ('XPath Injection') | Base | Simple | Incomplete | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-644 | Improper Neutralization of HTTP Headers for Scripting Syntax | Variant | Simple | Incomplete | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-652 | Improper Neutralization of Data within XQuery Expressions ('XQuery Injection') | Base | Simple | Incomplete | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-917 | Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') | Base | Simple | Incomplete | |
Loading...