|CWE||NAME||LAST 12M||LOW||MEDIUM||HIGH||CRITICAL||TOTAL VULNS|
|CWE-643|| Improper Neutralization of Data within XPath Expressions ('XPath Injection') |
The software uses external input to dynamically construct an XPath expression used to retrieve data from an XML database, but it does not neutralize or incorrectly neutralizes that input. This allows an attacker to control the structure of the query.
|CWE-228|| Improper Handling of Syntactically Invalid Structure |
The product does not handle or incorrectly handles input that is not syntactically well-formed with respect to the associated specification.
|CWE-671|| Lack of Administrator Control over Security |
The product uses security features in a way that prevents the product's administrator from tailoring security settings to reflect the environment in which the product is being used. This introduces resultant weaknesses or prevents it from operating at a level of security that is desired by the administrator.
|CWE-475|| Undefined Behavior for Input to API |
The behavior of this function is undefined unless its control parameter is set to a specific value.
|CWE-328|| Reversible One-Way Hash |
The product uses a hashing algorithm that produces a hash value that can be used to determine the original input, or to find an input that can produce the same hash, more efficiently than brute force techniques.
|CWE-1022|| Use of Web Link to Untrusted Target with window.opener Access |
The web application produces links to untrusted external sites outside of its sphere of control, but it does not properly prevent the external site from modifying security-critical properties of the window.opener object, such as the location property.
|CWE-409|| Improper Handling of Highly Compressed Data (Data Amplification) |
The software does not handle or incorrectly handles a compressed input with a very high compression ratio that produces a large output.