CWE-152 - Improper Neutralization of Macro Symbols

• Abstraction:
• Variant

• Structure:
• Simple

• Status:
• Draft

Weakness Name

Improper Neutralization of Macro Symbols

Description

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as macro symbols when they are sent to a downstream component.

Common Consequences

Scope: Integrity

Impact: Unexpected State

Related Weaknesses

CWE-138Improper Neutralization of Special Elements

• Release Date:
• 2006-07-19

• Latest Modification Date:
• 2023-06-29

Latest Security News

Google: Over 57 Nation-State Threat Groups Using AI for Cyber Operations

DeepSeek exposes database with over 1 million chat records

New Jailbreaks Allow Users to Manipulate GitHub Copilot

The Advantages of Cloud-Based Remote Desktop versus RDP over VPN

Major GitHub outage affects pull requests and other services

Automated Pen Testing Is Improving — Slowly

New Syncjacking attack hijacks devices using Chrome extensions

Microsoft lifts Windows 11 update block for PCs with gaming issues

Top Alert List

Content Security Policy (CSP) Header Not Set

CSP

MediumMissing Anti-clickjacking Header

MediumAbsence of Anti-CSRF Tokens

InformationalInformation Disclosure - Suspicious Comments

MediumContent Security Policy (CSP) Header Not Set

InformationalModern Web Application

LowCross-Domain JavaScript Source File Inclusion

InformationalRe-examine Cache-control Directives

LowCSP: X-Content-Security-Policy

Top CVE List

CVE-2024-44308 Apple Multiple Products Code Execution Vulnerability

CVE-2021-33045 Dahua IP Camera Authentication Bypass Vulnerability

CVE-2024-47575 Fortinet FortiManager Missing Authentication Vulnerability

CVE-2025-23006 SonicWall SMA1000 Appliances Deserialization Vulnerability

CVE-2017-6736 Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability

CVE-2022-34713 Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability

CVE-2024-55956 Cleo Multiple Products Unauthenticated File Upload Vulnerability

CVE-2010-5326 SAP NetWeaver Remote Code Execution Vulnerability

CVE-2015-0071 Microsoft Internet Explorer ASLR Bypass Vulnerability

CVE-2015-2360 Microsoft Win32k Privilege Escalation Vulnerability

Top CWE List

CWE-693 Protection Mechanism Failure

HighCWE-200 Exposure of Sensitive Information to an Unauthorized Actor

MediumCWE-352 Cross-Site Request Forgery (CSRF)

CWE-284 Improper Access Control

HighCWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-1021 Improper Restriction of Rendered UI Layers or Frames

CWE-1426 Improper Validation of Generative AI Output

CWE-201 Insertion of Sensitive Information Into Sent Data

CWE-304 Missing Critical Step in Authentication

CWE-1053 Missing Documentation for Design