VYPR

CWE-790

Improper Filtering of Special Elements

Class | Incomplete

Description

The product receives data from an upstream component, but does not filter or incorrectly filters special elements before sending it to a downstream component.

Hierarchy (View 1000)

Parents

Children

CVEs mapped to this weakness (6)

  • CVE-2024-31616 | High | Apr 23, 2024
    risk 0.57 | cvss 8.8 | epss 0.01

    An issue discovered in RG-RSR10-01G-T(W)-S and RG-RSR10-01G-T(WA)-S routers with firmware version RSR10-01G-T-S_RSR_3.0(1)B9P2, Release(07150910) allows attackers to execute arbitrary code via the common_quick_config.lua file.

  • CVE-2026-9658 | High | May 28, 2026
    risk 0.47 | cvss 7.3 | epss 0.00

    Plack::Middleware::Security::Common versions before 0.13.1 for Perl did not block header injections in request paths. The header injection rule was ineffective at blocking header injections in the request paths unless they were double-encoded, for example, GET…

  • CVE-2025-0431 | Med | Mar 19, 2025
    risk 0.38 | cvss 5.8 | epss 0.00

    Enterprise Protection contains a vulnerability in URL rewriting that allows an unauthenticated remote attacker to send an email which bypasses URL protections impacting the integrity of recipient's email. This occurs due to improper filtering of backslashes within URLs and…

  • CVE-2024-43443 | Med | Aug 26, 2024
    risk 0.32 | cvss 4.9 | epss 0.00

    Improper Neutralization of Input done by an attacker with admin privileges ('Cross-site Scripting') in Process Management modules of OTRS and ((OTRS)) Community Edition allows Cross-Site Scripting (XSS) within the Process Management targeting other admins. This issue affects: …

  • CVE-2024-43442 | Med | Aug 26, 2024
    risk 0.32 | cvss 4.9 | epss 0.00

    Improper Neutralization of Input done by an attacker with admin privileges ('Cross-site Scripting') in OTRS (System Configuration modules) and ((OTRS)) Community Edition allows Cross-Site Scripting (XSS) within the System Configuration targeting other admins. This issue…

  • CVE-2023-22578 | Feb 16, 2023
    risk 0.00 | cvss | epss 0.01

    Due to improper attribute filtering in the sequelize js library, an attacker can perform SQL injections.