CWE CATEGORY: Comprehensive Categorization: Injection
Category ID: 1409
Vulnerability Mapping: Prohibited
Status: Incomplete
▼Summary

Weaknesses in this category are related to injection.

▼Membership
| Nature | Mapping | Type | ID | Name |
|---|---|---|---|---|
| MemberOf | Prohibited | View | 1400 | Comprehensive Categorization for Software Assurance Trends |
| HasMember | Discouraged | Class | 75 | Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) |
| HasMember | Allowed | Variant | 102 | Struts: Duplicate Validation Forms |
| HasMember | Allowed | Variant | 113 | Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') |
| HasMember | Allowed | Base | 1236 | Improper Neutralization of Formula Elements in a CSV File |
| HasMember | Allowed | Base | 1336 | Improper Neutralization of Special Elements Used in a Template Engine |
| HasMember | Discouraged | Base | 1426 | Improper Validation of Generative AI Output |
| HasMember | Allowed | Base | 1427 | Improper Neutralization of Input Used for LLM Prompting |
| HasMember | Allowed | Variant | 564 | SQL Injection: Hibernate |
| HasMember | Allowed | Variant | 621 | Variable Extraction Error |
| HasMember | Allowed | Base | 624 | Executable Regular Expression Error |
| HasMember | Allowed | Variant | 627 | Dynamic Variable Evaluation |
| HasMember | Allowed | Base | 641 | Improper Restriction of Names for Files and Other Resources |
| HasMember | Allowed | Base | 643 | Improper Neutralization of Data within XPath Expressions ('XPath Injection') |
| HasMember | Allowed | Base | 652 | Improper Neutralization of Data within XQuery Expressions ('XQuery Injection') |
| HasMember | Discouraged | Compound | 692 | Incomplete Denylist to Cross-Site Scripting |
| HasMember | Allowed | Base | 694 | Use of Multiple Resources with Duplicate Identifier |
| HasMember | Discouraged | Class | 74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
| HasMember | Allowed | Base | 76 | Improper Neutralization of Equivalent Special Elements |
| HasMember | Allowed-with-Review | Class | 77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') |
| HasMember | Allowed | Base | 78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
| HasMember | Allowed | Base | 79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| HasMember | Allowed | Variant | 80 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) |
| HasMember | Allowed | Variant | 81 | Improper Neutralization of Script in an Error Message Web Page |
| HasMember | Allowed | Variant | 82 | Improper Neutralization of Script in Attributes of IMG Tags in a Web Page |
| HasMember | Allowed | Variant | 83 | Improper Neutralization of Script in Attributes in a Web Page |
| HasMember | Allowed | Variant | 84 | Improper Neutralization of Encoded URI Schemes in a Web Page |
| HasMember | Allowed | Variant | 85 | Doubled Character XSS Manipulations |
| HasMember | Allowed | Variant | 86 | Improper Neutralization of Invalid Characters in Identifiers in Web Pages |
| HasMember | Allowed | Variant | 87 | Improper Neutralization of Alternate XSS Syntax |
| HasMember | Allowed | Base | 88 | Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') |
| HasMember | Allowed | Base | 89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
| HasMember | Allowed | Base | 90 | Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') |
| HasMember | Allowed | Base | 91 | XML Injection (aka Blind XPath Injection) |
| HasMember | Allowed | Base | 914 | Improper Control of Dynamically-Identified Variables |
| HasMember | Allowed | Base | 917 | Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') |
| HasMember | Allowed | Base | 93 | Improper Neutralization of CRLF Sequences ('CRLF Injection') |
| HasMember | Allowed-with-Review | Base | 94 | Improper Control of Generation of Code ('Code Injection') |
| HasMember | Allowed-with-Review | Class | 943 | Improper Neutralization of Special Elements in Data Query Logic |
| HasMember | Allowed | Variant | 95 | Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') |
| HasMember | Allowed | Base | 96 | Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') |
| HasMember | Allowed | Variant | 97 | Improper Neutralization of Server-Side Includes (SSI) Within a Web Page |
| HasMember | Allowed-with-Review | Class | 99 | Improper Control of Resource Identifiers ('Resource Injection') |
▼Vulnerability Mapping Notes
Usage: Prohibited
Reason:
Rationale:

This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves [REF-1330].

Comments:

See member weaknesses of this category.

▼References
Reference ID: REF-1330
Title: CVE --> CWE Mapping Guidance - Quick Tips
Version: v4.15
Author: MITRE
URL: https://cwe.mitre.org/documents/cwe_usage/quick_tips.html
Date: 2021-03-25