CWE-692
Incomplete Denylist to Cross-Site Scripting
The product uses a denylist-based protection mechanism to defend against XSS attacks, but the denylist is incomplete, allowing XSS variants to succeed.
Official CWE-692 definition at MITREImpactr finds and proves weaknesses like CWE-692 in your web apps and APIs - investigating, chaining, and validating each with a reproducible exploit.
Join the waitlist