Cyber Posture

CWE · MITRE source

CWE-84Improper Neutralization of Encoded URI Schemes in a Web Page

Abstraction: Variant · CVEs in our corpus: 18

The web application improperly neutralizes user-controlled input for executable script disguised with URI encodings.

Last updated: 09 May 2026 03:25 UTC

NIST 800-53 r5 controls that address this weakness (0)AI

Control	Title	Family	Why it addresses this CWE
No NIST controls proposed yet.

Top CVEs of this weakness type, ranked by Risk Priority

CVE	Risk	CVSS	EPSS	Published
`CVE-2022-40181`	1.7	8.3	0.0070	2022-10-11
`CVE-2023-25571`	1.4	6.8	0.0071	2023-02-14
`CVE-2024-45045`	1.3	6.3	0.0049	2024-08-29
`CVE-2020-7011`	1.2	6.1	0.0032	2020-06-03
`CVE-2021-3824`	1.2	6.1	0.0030	2021-09-23
`CVE-2024-52890`	1.2	6.1	0.0004	2025-08-05
`CVE-2025-25323`	1.1	5.5	0.0009	2025-02-27
`CVE-2025-25324`	1.1	5.5	0.0009	2025-02-27
`CVE-2025-25325`	1.1	5.5	0.0009	2025-02-27
`CVE-2025-25326`	1.1	5.5	0.0009	2025-02-27
`CVE-2025-25330`	1.1	5.5	0.0009	2025-02-27
`CVE-2025-25331`	1.1	5.5	0.0009	2025-02-27
`CVE-2025-25334`	1.1	5.5	0.0009	2025-02-27
`CVE-2025-25329`	1.1	5.5	0.0013	2025-02-27
`CVE-2025-30203`	1.0	4.8	0.0021	2025-03-31
`CVE-2023-30959`	0.8	4.1	0.0018	2023-09-27
`CVE-2024-42184`	0.5	2.5	0.0010	2025-01-23
`CVE-2025-58444`	0.0	0.0	0.0003	2025-09-08