CWE-790 - Improper Filtering of Special Elements

Home/CWEs/CWE info/

CWE-790

Abstraction:
Class

Structure:
Simple

Status:
Incomplete

Weakness Name: Improper Filtering of Special Elements

Description: The product receives data from an upstream component, but does not filter or incorrectly filters special elements before sending it to a downstream component.

Common Consequences: Scope: Integrity
Impact: Unexpected State

Related Weaknesses: CWE-138Improper Neutralization of Special Elements

Release Date:
2009-12-28

Latest Modification Date:
2023-06-29

Top Security News

Hackers now use AppDomain Injection to drop CobaltStrike beacons

New Ymir Ransomware Exploits Memory for Stealthy Attacks; Targets Corporate Networks

Attackers are exploiting 2 zero-days in Palo Alto Networks firewalls (CVE-2024-0012, CVE-2024-9474)

CWE top 25 most dangerous software weaknesses

Chinese APT Gelsemium Targets Linux Systems with New WolfsBane Backdoor

Urgent: Critical WordPress Plugin Vulnerability Exposes Over 4 Million Sites

Privileged Accounts, Hidden Threats: Why Privileged Access Security Must Be a Top Priority

Microsoft pulls WinAppSDK update breaking Windows 10 app uninstalls

Common Alerts

LowX-Backend-Server Header Information Leak

MediumSession ID in URL Rewrite

MediumHTTP Only Site

MediumSession ID in URL Rewrite

MediumHTTP to HTTPS Insecure Transition in Form Post

HighServer Side Code Injection - PHP Code Injection

MediumCSP: script-src unsafe-hashes

MediumCSP: Meta Policy Invalid Directive

InformationalNon-Storable Content

InformationalPossible Username Enumeration

Latest CVE List

CVE-2024-44308 Apple Multiple Products Code Execution Vulnerability

CVE-2024-44309 Apple Multiple Products Cross-Site Scripting (XSS) Vulnerability

CVE-2024-21287 Oracle Agile Product Lifecycle Management (PLM) Incorrect Authorization Vulnerability

CVE-2024-38812 VMware vCenter Server Heap-Based Buffer Overflow Vulnerability

CVE-2024-38813 VMware vCenter Server Privilege Escalation Vulnerability

CVE-2024-1212 Progress Kemp LoadMaster OS Command Injection Vulnerability

CVE-2024-0012 Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability

CVE-2024-9474 Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability

CVE-2024-9463 Palo Alto Networks Expedition OS Command Injection Vulnerability

CVE-2024-9465 Palo Alto Networks Expedition SQL Injection Vulnerability

Common CWEs

CWE-671 Lack of Administrator Control over Security

CWE-683 Function Call With Incorrect Order of Arguments

CWE-1046 Creation of Immutable Text Using String Concatenation

CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere

MediumCWE-468 Incorrect Pointer Scaling

CWE-664 Improper Control of a Resource Through its Lifetime

HighCWE-862 Missing Authorization

CWE-541 Inclusion of Sensitive Information in an Include File

CWE-553 Command Shell in Externally Accessible Directory

LowCWE-1037 Processor Optimization Removal or Modification of Security-critical Code

Free security scan for your website

Don't show website scan report rating on the leaderboard

CWE-790 - Improper Filtering of Special Elements

The product receives data from an upstream component, but does not filter or incorrectly filters special elements before sending it to a downstream component.