CWE-791
Incomplete Filtering of Special Elements
Description
The product receives data from an upstream component, but does not completely filter special elements before sending it to a downstream component.
Hierarchy (View 1000)
CVEs mapped to this weakness (23)
Page 2 of 2

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-39899 | | Med | 0.28 | 5.3 | 0.01 | | Jul 9, 2024 | PrivateBin is an online pastebin where the server has zero knowledge of pasted data. In v1.5, PrivateBin introduced the YOURLS server-side proxy. The idea was to allow using the YOURLs URL shortener without running the YOURLs instance without authentication and/or exposing the… |
| CVE-2020-36827 | — | Med | 0.28 | 5.4 | 0.00 | | Mar 24, 2024 | The XAO::Web module before 1.84 for Perl mishandles < and > characters in JSON output during use of json-embed in Web::Action. |
| CVE-2024-8373 | — | | 0.00 | — | 0.01 | | Sep 9, 2024 | Improper sanitization of the value of the [srcset] attribute in HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing . This… |