CWE-1409: Comprehensive Categorization: Injection
ID
CWE-1409
Status
Incomplete
Weaknesses in this category are related to injection.
Relationships
| View | Weakness | ||||||
|---|---|---|---|---|---|---|---|
| # ID | Name | # ID | Name | Abstraction | Structure | Status | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') | Class | Simple | Incomplete | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-75 | Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) | Class | Simple | Draft | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-76 | Improper Neutralization of Equivalent Special Elements | Base | Simple | Draft | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') | Class | Simple | Draft | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | Base | Simple | Stable | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Base | Simple | Stable | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-80 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) | Variant | Simple | Incomplete | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-81 | Improper Neutralization of Script in an Error Message Web Page | Variant | Simple | Incomplete | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-82 | Improper Neutralization of Script in Attributes of IMG Tags in a Web Page | Variant | Simple | Incomplete | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-83 | Improper Neutralization of Script in Attributes in a Web Page | Variant | Simple | Draft | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-84 | Improper Neutralization of Encoded URI Schemes in a Web Page | Variant | Simple | Draft | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-85 | Doubled Character XSS Manipulations | Variant | Simple | Draft | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-86 | Improper Neutralization of Invalid Characters in Identifiers in Web Pages | Variant | Simple | Draft | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-87 | Improper Neutralization of Alternate XSS Syntax | Variant | Simple | Draft | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-88 | Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') | Base | Simple | Draft | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | Base | Simple | Stable | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-90 | Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') | Base | Simple | Draft | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-91 | XML Injection (aka Blind XPath Injection) | Base | Simple | Draft | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-93 | Improper Neutralization of CRLF Sequences ('CRLF Injection') | Base | Simple | Draft | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-94 | Improper Control of Generation of Code ('Code Injection') | Base | Simple | Draft | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-95 | Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') | Variant | Simple | Incomplete | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-96 | Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') | Base | Simple | Draft | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-97 | Improper Neutralization of Server-Side Includes (SSI) Within a Web Page | Variant | Simple | Draft | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-99 | Improper Control of Resource Identifiers ('Resource Injection') | Class | Simple | Draft | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-102 | Struts: Duplicate Validation Forms | Variant | Simple | Incomplete | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-113 | Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') | Variant | Simple | Incomplete | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-564 | SQL Injection: Hibernate | Variant | Simple | Incomplete | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-621 | Variable Extraction Error | Variant | Simple | Incomplete | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-624 | Executable Regular Expression Error | Base | Simple | Incomplete | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-627 | Dynamic Variable Evaluation | Variant | Simple | Incomplete | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-641 | Improper Restriction of Names for Files and Other Resources | Base | Simple | Incomplete | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-643 | Improper Neutralization of Data within XPath Expressions ('XPath Injection') | Base | Simple | Incomplete | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-652 | Improper Neutralization of Data within XQuery Expressions ('XQuery Injection') | Base | Simple | Incomplete | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-692 | Incomplete Denylist to Cross-Site Scripting | Compound | Chain | Draft | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-694 | Use of Multiple Resources with Duplicate Identifier | Base | Simple | Incomplete | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-914 | Improper Control of Dynamically-Identified Variables | Base | Simple | Incomplete | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-917 | Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') | Base | Simple | Incomplete | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-943 | Improper Neutralization of Special Elements in Data Query Logic | Class | Simple | Incomplete | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-1236 | Improper Neutralization of Formula Elements in a CSV File | Base | Simple | Incomplete | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-1336 | Improper Neutralization of Special Elements Used in a Template Engine | Base | Simple | Incomplete | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-1426 | Improper Validation of Generative AI Output | Base | Simple | Incomplete | |
Loading...