CWE-692 - CERT CVE

CWE-692 - Incomplete Denylist to Cross-Site Scripting

The product uses a denylist-based protection mechanism to defend against XSS attacks, but the denylist is incomplete, allowing XSS variants to succeed.

CAPEC ID Name
CAPEC-120 Double Encoding
CAPEC-267 Leverage Alternate Encoding
CAPEC-71 Using Unicode Encoding to Bypass Validation Logic
CAPEC-80 Using UTF-8 Encoding to Bypass Validation Logic
CAPEC-85 AJAX Fingerprinting