CWE-692 6 個 CVE MITRE 定義 ↗

CWE-692:Incomplete Denylist to Cross-Site Scripting

概覽

CWE-692(Incomplete Denylist to Cross-Site Scripting)描述一種在漏洞資料庫與安全評估中使用的弱點類型;定義、背景與對應 CVE 見下方各節。

安全影響
安全影響:因產品與情境而異;請結合 CVE 紀錄、嚴重度評分與 MITRE 說明進行優先級判斷。

描述

The product uses a denylist-based protection mechanism to defend against XSS attacks, but the denylist is incomplete, allowing XSS variants to succeed.

適用平台

類型 名稱 普遍性 OS / CPE
language Not Language-Specific Undetermined
technology Web Based Often
technology Web Server Often

本庫相關 CVE

下列 CVE 在本庫中對應到該弱點,並保留以便追溯與檢索。

CVE 公開時間 摘要
CVE-2025-20240 2025-09-24 A vulnerability in the Web Authentication feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting attack (XSS) on an affected devic…
CVE-2025-53904 2025-07-16 The Scratch Channel is a news website that is under development as of time of this writing. The file `/api/admin.js` contains code that could make the website vulnerable to cross-site scripting. No kn…
CVE-2025-49590 2025-06-18 CryptPad is a collaboration suite. Prior to version 2025.3.0, the "Link Bouncer" functionality attempts to filter javascript URIs to prevent Cross-Site Scripting (XSS), however this can be bypassed. T…
CVE-2024-52305 2024-11-13 UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. A vulnerability exists in the Create User process, allowing the creation of a new admin account wit…
CVE-2024-30924 2024-04-18 Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the checkin.php component.
CVE-2023-26047 2023-03-03 teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. In teler-waf prior to version v0.2.0 is vulnerable to a bypass attack when a specific case…

曾用名

  • Incomplete Blacklist to Cross-Site Scripting (2020-02-26)

內容提交

名稱
CWE Content Team
組織
MITRE
日期
2008-04-11
版本
Draft 9

內容修訂

日期 名稱 版本 重要性 評論
2008-07-01 Eric Dalci 1.0 updated Time_of_Introduction
2008-09-08 CWE Content Team 1.0 updated Applicable_Platforms, Relationships, Other_Notes
2008-09-24 CWE Content Team 1.1 added Language_Class "All"
2008-10-14 CWE Content Team 1.0.1 updated Applicable_Platforms
2009-03-10 CWE Content Team 1.3 updated Related_Attack_Patterns
2011-06-01 CWE Content Team 1.13 updated Common_Consequences
2012-05-11 CWE Content Team 2.2 updated Related_Attack_Patterns
2014-06-23 CWE Content Team 2.7 updated Applicable_Platforms, Description, Other_Notes
2017-01-19 CWE Content Team 2.10 updated Relationships
2017-05-03 CWE Content Team 2.11 updated Related_Attack_Patterns
2017-11-08 CWE Content Team 3.0 updated Relationships, Relevant_Properties
2019-01-03 CWE Content Team 3.2 updated Related_Attack_Patterns
2020-06-25 CWE Content Team 4.1 updated Description, Name, Observed_Examples, References
2023-04-27 CWE Content Team 4.11 updated Relationships
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes, Relationships
2025-12-11 CWE Content Team 4.19 updated Applicable_Platforms, Time_of_Introduction, Weakness_Ordinalities
cvelogic Threat Intelligence