CWE-707
Improper Neutralization
PillarIncomplete
Description
The product does not ensure or incorrectly ensures that structured messages or data are well-formed and that certain security properties are met before being read from an upstream component or sent to a downstream component.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-250 · CAPEC-276 · CAPEC-277 · CAPEC-278 · CAPEC-279 · CAPEC-3 · CAPEC-43 · CAPEC-468 · CAPEC-52 · CAPEC-53 · CAPEC-64 · CAPEC-7 · CAPEC-78 · CAPEC-79 · CAPEC-83 · CAPEC-84
CVEs mapped to this weakness (21)
page 2 of 2| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-9797 | Low | 0.16 | 2.4 | 0.00 | Sep 1, 2025 | A vulnerability was determined in mrvautin expressCart up to b31302f4e99c3293bd742c6d076a721e168118b0. This impacts an unknown function of the file /admin/product/edit/ of the component Edit Product Page. This manipulation causes injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. |