CWE-152 - Improper Neutralization of Macro Symbols

CWE ID:

CWE-152

Abstraction:Variant
Structure:Simple
Status:Draft

Release Date:2006-07-19
Latest Modification Date:2023-06-29

Weakness Name

Improper Neutralization of Macro Symbols

Description

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as macro symbols when they are sent to a downstream component.

Common Consequences

Scope: Integrity

Impact: Unexpected State

Related Weaknesses

CWE-138Improper Neutralization of Special Elements

Latest Security News

Latest CVE List

Common Alerts

MediumReferer Exposes Session ID
HighServer Side Template Injection (Blind)
MediumBackup File Disclosure
MediumExponential Entity Expansion (Billion Laughs Attack)
HighPath Traversal
InformationalLoosely Scoped Cookie
MediumCross-Domain Misconfiguration
MediumAbsence of Anti-CSRF Tokens
InformationalInformation Disclosure - Suspicious Comments
LowX-Backend-Server Header Information Leak