VYPR

CWE-791

Incomplete Filtering of Special Elements

BaseIncomplete

Description

The product receives data from an upstream component, but does not completely filter special elements before sending it to a downstream component.

Hierarchy (View 1000)

Parents

CVEs mapped to this weakness (23)

page 2 of 2
  • CVE-2024-39899MedJul 9, 2024
    risk 0.28cvss 5.3epss 0.01

    PrivateBin is an online pastebin where the server has zero knowledge of pasted data. In v1.5, PrivateBin introduced the YOURLS server-side proxy. The idea was to allow using the YOURLs URL shortener without running the YOURLs instance without authentication and/or exposing the…

  • CVE-2020-36827MedMar 24, 2024
    risk 0.28cvss 5.4epss 0.00

    The XAO::Web module before 1.84 for Perl mishandles < and > characters in JSON output during use of json-embed in Web::Action.

  • CVE-2024-8373Sep 9, 2024
    risk 0.00cvss epss 0.01

    Improper sanitization of the value of the [srcset] attribute in HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing . This…