CWE-790(Improper Filtering of Special Elements)は各種脆弱性データベースや評価で用いられる弱点タイプを説明します。定義・背景・対応する CVE は以下の各セクションを参照してください。
The product receives data from an upstream component, but does not filter or incorrectly filters special elements before sending it to a downstream component.
| 種別 | 名称 | クラス | 普遍性 | OS / CPE |
|---|---|---|---|---|
| language | — | Not Language-Specific | Undetermined | — |
これらの CVE は本データベースでこの弱点に対応付けられており、追跡と検索のために保持されています。
| CVE | 公開 | 概要 |
|---|---|---|
| CVE-2026-9658 | 2026-05-28 | Plack::Middleware::Security::Common versions before 0.13.1 for Perl did not block header injections in request paths. The header injection rule was ineffective at blocking header injections in the re… |
| CVE-2026-2328 | 2026-03-30 | An unauthenticated remote attacker can exploit insufficient input validation to access backend components beyond their intended scope via path traversal, resulting in exposure of sensitive information… |
| CVE-2025-27260 | 2026-03-25 | Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains an Improper Filtering of Special Elements vulnerability which, if exploited, can lead to unauthorized modification of certain informatio… |
| CVE-2025-15576 | 2026-03-09 | If two sibling jails are restricted to separate filesystem trees, which is to say that neither of the two jail root directories is an ancestor of the other, jailed processes may nonetheless be able to… |
| CVE-2025-0431 | 2025-03-19 | Enterprise Protection contains a vulnerability in URL rewriting that allows an unauthenticated remote attacker to send an email which bypasses URL protections impacting the integrity of recipient's em… |
| CVE-2024-47984 | 2024-12-13 | Dell RecoverPoint for Virtual Machines 6.0.x contains Denial of Service vulnerability. A User with Remote access could potentially exploit this vulnerability, leading to the disruption of most functio… |
| CVE-2024-42416 | 2024-09-05 | The ctl_report_supported_opcodes function did not sufficiently validate a field provided by userspace, allowing an arbitrary write to a limited amount of kernel help memory. Malicious software runnin… |
| CVE-2024-43443 | 2024-08-26 | Improper Neutralization of Input done by an attacker with admin privileges ('Cross-site Scripting') in Process Management modules of OTRS and ((OTRS)) Community Edition allows Cross-Site Scripting (XS… |
| CVE-2024-43442 | 2024-08-26 | Improper Neutralization of Input done by an attacker with admin privileges ('Cross-site Scripting') in OTRS (System Configuration modules) and ((OTRS)) Community Edition allows Cross-Site Scripting (… |
| CVE-2024-6540 | 2024-07-15 | Improper filtering of fields when using the export function in the ticket overview of the external interface in OTRS could allow an authorized user to download a list of tickets containing information… |
| CVE-2024-31616 | 2024-04-23 | An issue discovered in RG-RSR10-01G-T(W)-S and RG-RSR10-01G-T(WA)-S routers with firmware version RSR10-01G-T-S_RSR_3.0(1)B9P2, Release(07150910) allows attackers to execute arbitrary code via the com… |
| CVE-2023-45239 | 2023-10-06 | A lack of input validation exists in tac_plus prior to commit 4fdf178 which, when pre or post auth commands are enabled, allows an attacker who can control the username, rem-addr, or NAC address sent … |
| CVE-2023-22578 | 2023-02-16 | Due to improper artibute filtering in the sequalize js library, can a attacker peform SQL injections. |
| CVE-2021-43802 | 2021-12-09 | Etherpad is a real-time collaborative editor. In versions prior to 1.8.16, an attacker can craft an `*.etherpad` file that, when imported, might allow the attacker to gain admin privileges for the Eth… |
| 日付 | 名称 | バージョン | 重要度 | コメント |
|---|---|---|---|---|
| 2010-02-16 | CWE Content Team | 1.8 | — | updated Demonstrative_Examples |
| 2011-06-01 | CWE Content Team | 1.13 | — | updated Common_Consequences |
| 2011-06-27 | CWE Content Team | 2.0 | — | updated Common_Consequences |
| 2017-01-19 | CWE Content Team | 2.10 | — | updated Relationships |
| 2017-11-08 | CWE Content Team | 3.0 | — | updated Modes_of_Introduction, Relationships |
| 2020-02-24 | CWE Content Team | 4.0 | — | updated Relationships |
| 2023-01-31 | CWE Content Team | 4.10 | — | updated Description |
| 2023-04-27 | CWE Content Team | 4.11 | — | updated Relationships |
| 2023-06-29 | CWE Content Team | 4.12 | — | updated Mapping_Notes |
| 2025-12-11 | CWE Content Team | 4.19 | — | updated Applicable_Platforms, Weakness_Ordinalities |