CWE-97 - Improper Neutralization of Server-Side Includes (SSI) Within a Web Page

Description

The software generates a web page, but does not neutralize or incorrectly neutralizes user-controllable input that could be interpreted as a server-side include (SSI) directive.






Latest vulnerabilities for CWE-97

Multiple vulnerabilities in WBSAirback 2024-04-16
Medium Yes
Multiple vulnerabilities in Six Apart Movable Type 2022-11-16
Medium Yes

References

Description of CWE-97 on Mitre website