CWE-86 10 个 CVE MITRE 定义 ↗

CWE-86:Improper Neutralization of Invalid Characters in Identifiers in Web Pages

概览

CWE-86(Improper Neutralization of Invalid Characters in Identifiers in Web Pages)描述一种在漏洞数据库与安全评估中使用的弱点类型;定义、背景与映射 CVE 见下方各节。

安全影响
安全影响:因产品与场景而异;请结合 CVE 记录、严重度评分与 MITRE 说明进行优先级判断。

描述

The product does not neutralize or incorrectly neutralizes invalid characters or byte sequences in the middle of tag names, URI schemes, and other identifiers.

适用平台

类型 名称 普遍性 OS / CPE
language Not Language-Specific Undetermined
technology Web Based Often
technology Web Server Undetermined

本库相关 CVE

下列 CVE 在本库中映射到该弱点,并保留以便追溯与检索。

CVE 公开时间 摘要
CVE-2026-28417 2026-02-27 Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the `netrw` standard plugin bundled with Vim. By inducing a user to open a c…
CVE-2025-66606 2026-02-08 A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly encode URLs. An attacker could tamper with web pages or execute malicious scri…
CVE-2025-20168 2025-01-08 A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks aga…
CVE-2025-20167 2025-01-08 A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks aga…
CVE-2025-20166 2025-01-08 A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks aga…
CVE-2024-10941 2024-11-06 A malicious website could have included an iframe with an malformed URI resulting in a non-exploitable browser crash. This vulnerability affects Firefox < 126.
CVE-2024-21864 2024-05-16 Improper neutralization in some Intel(R) Arc(TM) & Iris(R) Xe Graphics software before version 31.0.101.5081 may allow an unauthenticated user to potentially enable escalation of privilege via adjacen…
CVE-2021-33158 2024-02-23 Improper neutralization in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable escalation of privilege via lo…
CVE-2023-22840 2023-08-10 Improper neutralization in software for the Intel(R) oneVPL GPU software before version 22.6.5 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2023-31126 2023-05-09 `org.xwiki.commons:xwiki-commons-xml` is an XML library used by the open-source wiki platform XWiki. The HTML sanitizer, introduced in version 14.6-rc-1, allows the injection of arbitrary HTML code an…

曾用名

  • Invalid Characters in Identifiers (2008-09-09)
  • Failure to Sanitize Invalid Characters in Identifiers in Web Pages (2010-04-05)

内容提交

名称
PLOVER
日期
2006-07-19
版本
Draft 3

内容修订

日期 名称 版本 重要性 评论
2008-07-01 Eric Dalci 1.0 updated Time_of_Introduction
2008-09-08 CWE Content Team 1.0 updated Description, Name, Relationships, Other_Notes, Taxonomy_Mappings
2009-10-29 CWE Content Team 1.6 updated Description, Other_Notes
2010-04-05 CWE Content Team 1.8.1 updated Description, Name, Related_Attack_Patterns
2010-06-21 CWE Content Team 1.9 updated Potential_Mitigations
2011-06-01 CWE Content Team 1.13 updated Common_Consequences
2012-05-11 CWE Content Team 2.2 updated Related_Attack_Patterns, Relationships
2012-10-30 CWE Content Team 2.3 updated Potential_Mitigations
2014-07-30 CWE Content Team 2.8 updated Relationships, Taxonomy_Mappings
2017-05-03 CWE Content Team 2.11 updated Related_Attack_Patterns
2017-11-08 CWE Content Team 3.0 updated Applicable_Platforms
2020-02-24 CWE Content Team 4.0 updated Relationships
2023-01-31 CWE Content Team 4.10 updated Description
2023-04-27 CWE Content Team 4.11 updated Detection_Factors, Relationships
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2025-12-11 CWE Content Team 4.19 updated Applicable_Platforms, Relationships, Weakness_Ordinalities
cvelogic Threat Intelligence