CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
We have discovered 1,610,187 live websites that are affected by CWE-20.
CVEs
- Count - 17
CWE References
Countries
 United States | 479,939 websites |
 France | 339,518 websites |
 Russia | 123,312 websites |
 Japan | 65,159 websites |
 Germany | 59,974 websites |
 GB | 40,427 websites |
 Netherlands | 38,815 websites |
 China | 35,145 websites |
 Spain | 33,309 websites |
 Italy | 33,091 websites |
TLDs
| .com | 711,169 websites |
| .fr | 150,477 websites |
| .ru | 110,413 websites |
| .org | 80,658 websites |
| .net | 49,416 websites |
| .de | 36,723 websites |
| .nl | 29,726 websites |
| .it | 24,611 websites |
| .pl | 23,747 websites |
| .com.br | 22,024 websites |
Newest CVEs
List of the most recent CVEs that are part of CWE-20| Discovered | CVE | Description | Websites |
|---|---|---|---|
| Dec, 2023 | CVE-2023-6784 | Potential Use of the Sitefinity System for Distribution of Phishing Emails | 1,866 |
| Nov, 2023 | CVE-2023-45161 | 1E-Exchange-URLResponseTime instruction before v20.1 allows arbitrary code execution | 343 |
| Nov, 2023 | CVE-2023-45163 | 1E-Exchange-CommandLinePing instruction before v18.1 allows for arbitrary code execution | 343 |
| Nov, 2023 | CVE-2023-5964 | 1E-Exchange-DisplayMessage instruction allows for arbitrary code execution | 343 |
| Oct, 2023 | CVE-2023-39456 | Apache Traffic Server: Malformed http/2 frames can cause an abort | 560 |
| Oct, 2023 | CVE-2023-42508 | JFrog Artifactory Improper header input validation leads to email manipulation sent from the platform | 1 |
| Aug, 2023 | CVE-2022-47185 | Apache Traffic Server: Invalid Range header causes a crash | 1,404 |
| Jun, 2023 | CVE-2023-2996 | Jetpack < 12.1.1 - Author+ Arbitrary File Manipulation via API | 88,561 |
| Jun, 2023 | CVE-2023-30631 | Apache Traffic Server: Configuration option to block the PUSH method in ATS didn't work | 598 |
| Jan, 2023 | CVE-2022-4428 | support_uri validation missing in WARP client for Windows | 180 |
The most widespread CVEs
List of the most common CVEs that are part of CWE-20| Discovered | CVE | Description | Websites |
|---|---|---|---|
| Sep, 2022 | CVE-2022-31629 | $_COOKIE names string replacement (. -> _): cookie integrity vulnerabilities | 1,052,163 |
| Jun, 2021 | CVE-2021-21705 | Incorrect URL validation in FILTER_VALIDATE_URL | 922,016 |
| Jan, 2021 | CVE-2020-7071 | FILTER_VALIDATE_URL accepts URLs with invalid userinfo | 814,697 |
| Sep, 2020 | CVE-2020-7069 | Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV | 745,951 |
| Sep, 2020 | CVE-2020-7070 | PHP parses encoded cookie names so malicious `__Host-` cookies can be sent | 745,951 |
| Jun, 2023 | CVE-2023-2996 | Jetpack < 12.1.1 - Author+ Arbitrary File Manipulation via API | 88,561 |
| Dec, 2023 | CVE-2023-6784 | Potential Use of the Sitefinity System for Distribution of Phishing Emails | 1,866 |
| Aug, 2023 | CVE-2022-47185 | Apache Traffic Server: Invalid Range header causes a crash | 1,404 |
| Jun, 2023 | CVE-2023-30631 | Apache Traffic Server: Configuration option to block the PUSH method in ATS didn't work | 598 |
| Oct, 2023 | CVE-2023-39456 | Apache Traffic Server: Malformed http/2 frames can cause an abort | 560 |
Websites affected by CWE-20
Top websites that are affected by CWE-20. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| **.*********.org | United States | ** | |
| ***.***.int |  Switzerland | *** | |
| ***.*********.com | Germany | *** | |
| *******.*********.org | United States | *** | |
| ******.*******.org | United States | *** | |
| *.*******.cn | China | *,*** | |
| ***.*****.cz |  Czech Republic | *,*** | |
| ***.*********.org | United States | *,*** | |
| **.*********.org | United States | *,*** | |
| *.cn | China | *,*** |