Categories

CWE NAME LAST 12M LOW MEDIUM HIGH CRITICAL TOTAL VULNS
CWE-942 Overly Permissive Cross-domain Whitelist
The software uses a cross-domain policy file that includes domains that should not be trusted.
0 0 2 1 3
CWE-87 Improper Neutralization of Alternate XSS Syntax
The software does not neutralize or incorrectly neutralizes user-controlled input for alternate script syntax.
1 2 0 0 3
CWE-289 Authentication Bypass by Alternate Name
The software performs authentication based on the name of a resource being accessed, or the name of the actor performing the access, but it does not properly check all possible names for that resource or actor.
0 1 1 1 3
CWE-272 Least Privilege Violation
The elevated privilege level required to perform operations such as chroot() should be dropped immediately after the operation is performed.
0 1 2 0 3
CWE-940 Improper Verification of Source of a Communication Channel
The software establishes a communication channel to handle an incoming request that has been initiated by an actor, but it does not properly verify that the request is coming from the expected origin.
0 2 1 0 3
CWE-1 DEPRECATED: Location
This category has been deprecated. It was originally used for organizing the Development View (CWE-699), but it introduced unnecessary complexity and depth to the resulting tree.
0 0 0 2 2
CWE-769 Uncontrolled File Descriptor Consumption
This entry has been deprecated because it was a duplicate of CWE-774. All content has been transferred to CWE-774.
0 1 1 0 2
CWE-534 DEPRECATED: Information Exposure Through Debug Log Files
This entry has been deprecated because its abstraction was too low-level. See CWE-532.
0 2 0 0 2
CWE-642 External Control of Critical State Data
The software stores security-critical state information about its users, or the software itself, in a location that is accessible to unauthorized actors.
0 1 1 0 2
CWE-943 Improper Neutralization of Special Elements in Data Query Logic
The application generates a query intended to access or manipulate data in a data store such as a database, but it does not neutralize or incorrectly neutralizes special elements that can modify the intended logic of the query.
0 0 1 1 2