CWE-79: Improper Neutralization of Input During Web Page Generation
Cross-site Scripting is a software weakness pattern tracked by CWE 79. The local starter record is replaced by the official MITRE CWE import when the sync pipeline runs.
CWE Reference
Common Weakness Enumeration intelligence for builders and executives
Search official CWE records, understand business impact, map weaknesses to CVEs and ATT&CK context, and turn recurring weakness patterns into concrete secure design decisions.
10 normalized recordsstarter-2026-05 releaseMITRE-sourcedGlexia analysis
Reference Search
Find a CWE by ID, name, language, phase, or impact
Use exact IDs such as CWE-79, search weakness names, or browse developer-focused filters.
High-Value Resources
Start with the CWE pages teams use most
CWE Top 25Executive risk view of the most dangerous software weaknesses. CWE DictionaryPlain-language definitions for weakness, category, view, abstraction, mapping, and mitigation terms. CWE to CVE MappingConnect vulnerability records back to recurring weakness classes. Root-Cause MappingUse CWE as a secure design and engineering quality lens.
Featured Weaknesses
Common weakness patterns with Glexia guidance
CWE-89: Improper Neutralization of Special Elements used in an SQL Command
SQL Injection is a software weakness pattern tracked by CWE 89. The local starter record is replaced by the official MITRE CWE import when the sync pipeline runs.
CWE-787: Out-of-bounds Write
Out-of-bounds Write is a software weakness pattern tracked by CWE 787. The local starter record is replaced by the official MITRE CWE import when the sync pipeline runs.
CWE-78: Improper Neutralization of Special Elements used in an OS Command
OS Command Injection is a software weakness pattern tracked by CWE 78. The local starter record is replaced by the official MITRE CWE import when the sync pipeline runs.
CWE-22: Improper Limitation of a Pathname to a Restricted Directory
Path Traversal is a software weakness pattern tracked by CWE 22. The local starter record is replaced by the official MITRE CWE import when the sync pipeline runs.
CWE-352: Cross-Site Request Forgery
Cross-Site Request Forgery is a software weakness pattern tracked by CWE 352. The local starter record is replaced by the official MITRE CWE import when the sync pipeline runs.
Top List
CWE Top 25 quick links
- 1 CWE-787: Out-of-bounds Write
- 2 CWE-79: Improper Neutralization of Input During Web Page Generation
- 3 CWE-89: Improper Neutralization of Special Elements used in an SQL Command
- 4 CWE-352: Cross-Site Request Forgery
- 5 CWE-22: Improper Limitation of a Pathname to a Restricted Directory
- 6 CWE-125: Out-of-bounds Read
- 7 CWE-78: Improper Neutralization of Special Elements used in an OS Command
- 8 CWE-416: Use After Free
- 9 CWE-862: Missing Authorization
- 10 CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
Dictionary
CWE terms in operational language
Weakness A software or hardware condition that can contribute to exploitable behavior. Category A grouping construct used by CWE to organize related weaknesses. View A CWE perspective such as research concepts, development concepts, or top-list views. Abstraction The level of specificity of a weakness, such as class, base, or variant. Mapping Notes Guidance for deciding whether a vulnerability should map to a particular CWE. Observed Example A real-world vulnerability or case used by CWE to illustrate the weakness.