| CWE-692 | The product uses a denylist-based protection mechanism to defend against XSS attacks, but the denylist is incomplete, allowing XSS variants to succeed. |
| CWE-693 | The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. |
| CWE-694 | The software uses multiple resources that can have the same identifier, in a context in which unique identifiers are required. |
| CWE-695 | The software uses low-level functionality that is explicitly prohibited by the framework or specification under which the software is supposed to operate. |
| CWE-696 | The product performs multiple related behaviors, but the behaviors are performed in the wrong order in ways which may produce resultant weaknesses. |
| CWE-697 | The software compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses. |
| CWE-698 | The web application sends a redirect to another location, but instead of exiting, it executes additional code. |
| CWE-7 | The default error page of a web application should not display sensitive information about the software system. |
| CWE-703 | The software does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the software. |
| CWE-704 | The software does not correctly convert an object, resource, or structure from one type to a different type. |