CWE-790 - Improper Filtering of Special Elements

CWE ID:

CWE-790

Abstraction:Class
Structure:Simple
Status:Incomplete

Release Date:2009-12-28
Latest Modification Date:2023-06-29

Weakness Name

Improper Filtering of Special Elements

Description

The product receives data from an upstream component, but does not filter or incorrectly filters special elements before sending it to a downstream component.

Common Consequences

Scope: Integrity

Impact: Unexpected State

Related Weaknesses

CWE-138Improper Neutralization of Special Elements

Latest Security News

Genetic data site openSNP to close and delete data over privacy concerns
Verizon Call Filter API flaw exposed customers' incoming call history
GitHub expands security tools after 39 million secrets leaked in 2024
Microsoft adds hotpatching support to Windows 11 Enterprise
Royal Mail investigates data leak claims, no impact on operations
ChatGPT is down worldwide with something went wrong error
Police shuts down KidFlix child sexual exploitation platform
The Reality Behind Security Control Failures—And How to Prevent Them
Counterfeit Android devices found preloaded With Triada malware
Google Fixed Cloud Run Vulnerability Allowing Unauthorized Image Access via IAM Misuse

Top CVE List

CVE-2025-22224 VMware ESXi and Workstation TOCTOU Race Condition Vulnerability
CVE-2020-29574 CyberoamOS (CROS) SQL Injection Vulnerability
CVE-2025-2783 Google Chromium Mojo Sandbox Escape Vulnerability
CVE-2022-43939 Hitachi Vantara Pentaho BA Server Authorization Bypass Vulnerability
CVE-2024-49035 Microsoft Partner Center Improper Access Control Vulnerability
CVE-2022-43769 Hitachi Vantara Pentaho BA Server Special Element Injection Vulnerability
CVE-2024-40890 Zyxel DSL CPE OS Command Injection Vulnerability
CVE-2025-24983 Microsoft Windows Win32k Use-After-Free Vulnerability
CVE-2017-0148 Microsoft SMBv1 Server Remote Code Execution Vulnerability
CVE-2024-20953 Oracle Agile Product Lifecycle Management (PLM) Deserialization Vulnerability

Top Alert List

CSP
Content Security Policy (CSP) Header Not Set
MediumAbsence of Anti-CSRF Tokens
MediumMissing Anti-clickjacking Header
InformationalInformation Disclosure - Suspicious Comments
LowCross-Domain JavaScript Source File Inclusion
MediumContent Security Policy (CSP) Header Not Set
LowTimestamp Disclosure - Unix
LowCSP: X-Content-Security-Policy
InformationalRe-examine Cache-control Directives

Top CWE List

HighCWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-1426 Improper Validation of Generative AI Output
CWE-693 Protection Mechanism Failure
CWE-1091 Use of Object without Invoking Destructor Method
CWE-1053 Missing Documentation for Design
HighCWE-862 Missing Authorization
CWE-1063 Creation of Class Instance within a Static Code Block
CWE-1121 Excessive McCabe Cyclomatic Complexity
CWE-1173 Improper Use of Validation Framework
CWE-1230 Exposure of Sensitive Information Through Metadata