CWE-86 10 件の CVE MITRE の定義 ↗

CWE-86: Improper Neutralization of Invalid Characters in Identifiers in Web Pages

概要

CWE-86(Improper Neutralization of Invalid Characters in Identifiers in Web Pages)は各種脆弱性データベースや評価で用いられる弱点タイプを説明します。定義・背景・対応する CVE は以下の各セクションを参照してください。

セキュリティへの影響
セキュリティ影響:製品や文脈に依存します。CVE 記録、深刻度、MITRE の説明を参照して優先度を判断してください。

説明

The product does not neutralize or incorrectly neutralizes invalid characters or byte sequences in the middle of tag names, URI schemes, and other identifiers.

適用プラットフォーム

種別 名称 クラス 普遍性 OS / CPE
language Not Language-Specific Undetermined
technology Web Based Often
technology Web Server Undetermined

このデータベースの関連 CVE

これらの CVE は本データベースでこの弱点に対応付けられており、追跡と検索のために保持されています。

CVE 公開 概要
CVE-2026-28417 2026-02-27 Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the `netrw` standard plugin bundled with Vim. By inducing a user to open a c…
CVE-2025-66606 2026-02-08 A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly encode URLs. An attacker could tamper with web pages or execute malicious scri…
CVE-2025-20168 2025-01-08 A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks aga…
CVE-2025-20167 2025-01-08 A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks aga…
CVE-2025-20166 2025-01-08 A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks aga…
CVE-2024-10941 2024-11-06 A malicious website could have included an iframe with an malformed URI resulting in a non-exploitable browser crash. This vulnerability affects Firefox < 126.
CVE-2024-21864 2024-05-16 Improper neutralization in some Intel(R) Arc(TM) & Iris(R) Xe Graphics software before version 31.0.101.5081 may allow an unauthenticated user to potentially enable escalation of privilege via adjacen…
CVE-2021-33158 2024-02-23 Improper neutralization in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable escalation of privilege via lo…
CVE-2023-22840 2023-08-10 Improper neutralization in software for the Intel(R) oneVPL GPU software before version 22.6.5 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2023-31126 2023-05-09 `org.xwiki.commons:xwiki-commons-xml` is an XML library used by the open-source wiki platform XWiki. The HTML sanitizer, introduced in version 14.6-rc-1, allows the injection of arbitrary HTML code an…

旧名称

  • Invalid Characters in Identifiers (2008-09-09)
  • Failure to Sanitize Invalid Characters in Identifiers in Web Pages (2010-04-05)

コンテンツ投稿

名称
PLOVER
日付
2006-07-19
バージョン
Draft 3

コンテンツの変更履歴

日付 名称 バージョン 重要度 コメント
2008-07-01 Eric Dalci 1.0 updated Time_of_Introduction
2008-09-08 CWE Content Team 1.0 updated Description, Name, Relationships, Other_Notes, Taxonomy_Mappings
2009-10-29 CWE Content Team 1.6 updated Description, Other_Notes
2010-04-05 CWE Content Team 1.8.1 updated Description, Name, Related_Attack_Patterns
2010-06-21 CWE Content Team 1.9 updated Potential_Mitigations
2011-06-01 CWE Content Team 1.13 updated Common_Consequences
2012-05-11 CWE Content Team 2.2 updated Related_Attack_Patterns, Relationships
2012-10-30 CWE Content Team 2.3 updated Potential_Mitigations
2014-07-30 CWE Content Team 2.8 updated Relationships, Taxonomy_Mappings
2017-05-03 CWE Content Team 2.11 updated Related_Attack_Patterns
2017-11-08 CWE Content Team 3.0 updated Applicable_Platforms
2020-02-24 CWE Content Team 4.0 updated Relationships
2023-01-31 CWE Content Team 4.10 updated Description
2023-04-27 CWE Content Team 4.11 updated Detection_Factors, Relationships
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2025-12-11 CWE Content Team 4.19 updated Applicable_Platforms, Relationships, Weakness_Ordinalities
cvelogic Threat Intelligence