CWE-790
Improper Filtering of Special Elements
Description
The product receives data from an upstream component, but does not filter or incorrectly filters special elements before sending it to a downstream component.
Hierarchy (View 1000)
CVEs mapped to this weakness (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-31616 | Hig | 0.57 | 8.8 | 0.01 | Apr 23, 2024 | An issue discovered in RG-RSR10-01G-T(W)-S and RG-RSR10-01G-T(WA)-S routers with firmware version RSR10-01G-T-S_RSR_3.0(1)B9P2, Release(07150910) allows attackers to execute arbitrary code via the common_quick_config.lua file. | ||
| CVE-2026-9658 | Hig | 0.47 | 7.3 | 0.00 | May 28, 2026 | Plack::Middleware::Security::Common versions before 0.13.1 for Perl did not block header injections in request paths. The header injection rule was ineffective at blocking header injections in the request paths unless they were double-encoded, for example, GET… | ||
| CVE-2025-0431 | Med | 0.38 | 5.8 | 0.00 | Mar 19, 2025 | Enterprise Protection contains a vulnerability in URL rewriting that allows an unauthenticated remote attacker to send an email which bypasses URL protections impacting the integrity of recipient's email. This occurs due to improper filtering of backslashes within URLs and… | ||
| CVE-2024-43443 | Med | 0.32 | 4.9 | 0.00 | Aug 26, 2024 | Improper Neutralization of Input done by an attacker with admin privileges ('Cross-site Scripting') in Process Management modules of OTRS and ((OTRS)) Community Edition allows Cross-Site Scripting (XSS) within the Process Management targeting other admins. This issue affects: … | ||
| CVE-2024-43442 | Med | 0.32 | 4.9 | 0.00 | Aug 26, 2024 | Improper Neutralization of Input done by an attacker with admin privileges ('Cross-site Scripting') in OTRS (System Configuration modules) and ((OTRS)) Community Edition allows Cross-Site Scripting (XSS) within the System Configuration targeting other admins. This issue… | ||
| CVE-2023-22578 | 0.00 | — | 0.01 | Feb 16, 2023 | Due to improper artibute filtering in the sequalize js library, can a attacker peform SQL injections. |
- risk 0.57cvss 8.8epss 0.01
An issue discovered in RG-RSR10-01G-T(W)-S and RG-RSR10-01G-T(WA)-S routers with firmware version RSR10-01G-T-S_RSR_3.0(1)B9P2, Release(07150910) allows attackers to execute arbitrary code via the common_quick_config.lua file.
- risk 0.47cvss 7.3epss 0.00
Plack::Middleware::Security::Common versions before 0.13.1 for Perl did not block header injections in request paths. The header injection rule was ineffective at blocking header injections in the request paths unless they were double-encoded, for example, GET…
- risk 0.38cvss 5.8epss 0.00
Enterprise Protection contains a vulnerability in URL rewriting that allows an unauthenticated remote attacker to send an email which bypasses URL protections impacting the integrity of recipient's email. This occurs due to improper filtering of backslashes within URLs and…
- risk 0.32cvss 4.9epss 0.00
Improper Neutralization of Input done by an attacker with admin privileges ('Cross-site Scripting') in Process Management modules of OTRS and ((OTRS)) Community Edition allows Cross-Site Scripting (XSS) within the Process Management targeting other admins. This issue affects: …
- risk 0.32cvss 4.9epss 0.00
Improper Neutralization of Input done by an attacker with admin privileges ('Cross-site Scripting') in OTRS (System Configuration modules) and ((OTRS)) Community Edition allows Cross-Site Scripting (XSS) within the System Configuration targeting other admins. This issue…
- CVE-2023-22578Feb 16, 2023risk 0.00cvss —epss 0.01
Due to improper artibute filtering in the sequalize js library, can a attacker peform SQL injections.