Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1325 CNY

100%
Buy Us a Coffee

CWE-791 (特殊元素过滤不完全) — Vulnerability Class 11

11 vulnerabilities classified as CWE-791 (特殊元素过滤不完全). AI Chinese analysis included.

CWE-791 represents an input validation weakness where software fails to adequately sanitize special characters or structural elements within data received from external sources. This oversight typically enables attackers to inject malicious payloads, such as cross-site scripting scripts or command injection sequences, by bypassing incomplete filtering mechanisms. When these unfiltered elements reach downstream components like interpreters or parsers, they can alter execution logic, leading to severe security breaches including data theft or system compromise. Developers prevent this vulnerability by implementing robust, context-aware input validation strategies that strictly whitelist acceptable characters rather than relying on blacklist approaches. Utilizing parameterized queries, encoding special symbols, and applying comprehensive sanitization libraries ensures that all incoming data is thoroughly processed, thereby neutralizing potential injection vectors before they interact with critical system functions.

MITRE CWE Description
The product receives data from an upstream component, but does not completely filter special elements before sending it to a downstream component.
Common Consequences (1)
IntegrityUnexpected State
Examples (1)
The following code takes untrusted input and uses a regular expression to filter "../" from the input. It then appends this result to the /home/user/ directory and attempts to read the file in the final resulting path.
my $Username = GetUntrustedInput(); $Username =~ s/\.\.\///; my $filename = "/home/user/" . $Username; ReadAndSendFile($filename);
Bad · Perl
../../../etc/passwd
Attack
CVE IDTitleCVSSSeverityPublished
CVE-2026-44232 dssrf: every IPv6 category bypasses is_url_safe — dssrf-js--2026-05-12
CVE-2025-59303 HAProxy Kubernetes Ingress Controller 安全漏洞 — HAProxy Kubernetes Ingress Controller 6.4 Medium2025-10-08
CVE-2025-2336 AngularJS improper sanitization in SVG '<image>' element with 'ngSanitize' — AngularJS 4.8 Medium2025-06-04
CVE-2025-0324 AXIS OS 安全漏洞 — AXIS OS 9.4 Critical2025-06-02
CVE-2025-0716 AngularJS improper sanitization in SVG '<image>' element — AngularJS 4.8 Medium2025-04-29
CVE-2024-45481 Improper authentication in SSH of B&R APROL — B&R APROL 7.8AIHighAI2025-03-25
CVE-2024-47590 Cross-Site Scripting (XSS) vulnerability in SAP Web Dispatcher — SAP Web Dispatcher 8.8 High2024-11-12
CVE-2024-8373 AngularJS improper sanitization in '<source>' element — AngularJS 4.8 Medium2024-09-09
CVE-2023-31172 Incomplete Filtering of Special Elements — SEL-5030 acSELerator QuickSet Software 5.9 Medium2023-08-31
CVE-2023-1076 Linux Kernel 安全漏洞 — Linux kernel 5.5 -2023-03-27
CVE-2022-2132 DPDK 安全漏洞 — dpdk 7.5 -2022-08-31

Vulnerabilities classified as CWE-791 (特殊元素过滤不完全) represent 11 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.