| CWE-837 |
The software requires that an actor should only be able to perform an action once, or to have only one unique action, but the software does not enforce or improperly enforces this restriction. |
| CWE-838 |
The software uses or specifies an encoding when generating output to a downstream component, but the specified encoding is not the same as the encoding that is expected by the downstream component. |
| CWE-839 |
The program checks a value to ensure that it is less than or equal to a maximum, but it does not also verify that the value is greater than or equal to the minimum. |
| CWE-84 |
The web application improperly neutralizes user-controlled input for executable script disguised with URI encodings. |
| CWE-841 |
The software supports a session in which more than one behavior must be performed by an actor, but it does not properly ensure that the actor performs the behaviors in the required sequence. |
| CWE-842 |
The software or the administrator places a user into an incorrect group. |
| CWE-843 |
The program allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type. |
| CWE-85 |
The web application does not filter user-controlled input for executable script disguised using doubling of the involved characters. |
| CWE-86 |
The software does not neutralize or incorrectly neutralizes invalid characters or byte sequences in the middle of tag names, URI schemes, and other identifiers. |
| CWE-862 |
The software does not perform an authorization check when an actor attempts to access a resource or perform an action. |
