The software does not adequately filter user-controlled input for special elements with control implications.
