CWE-86
Improper Neutralization of Invalid Characters in Identifiers in Web Pages
The product does not neutralize or incorrectly neutralizes invalid characters or byte sequences in the middle of tag names, URI schemes, and other identifiers.
Official CWE-86 definition at MITREImpactr finds and proves weaknesses like CWE-86 in your web apps and APIs - investigating, chaining, and validating each with a reproducible exploit.
Join the waitlist