CWE-97

Improper Neutralization of Server-Side Includes (SSI) Within a Web Page

Variant

Draft

Description

The product generates a web page, but does not neutralize or incorrectly neutralizes user-controllable input that could be interpreted as a server-side include (SSI) directive.

Parent Weaknesses (ChildOf)

CWE-96: Improper Neutralization of Dir...

Common Consequences

Scope

Confidentiality

Integrity

Availability

Impact

Execute Unauthorized Code or Commands

Applicable Platforms

Not Language-Specific

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CWE-97

Improper Neutralization of Server-Side Includes (SSI) Within a Web Page

Description

Relationships

Common Consequences

Applicable Platforms