...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="e33dec0897392f5f-a87248eb-4b754056-a489864f-c084d3f2fd2eb3d734539dc1"><ac:plain-text-body><![CDATA[ | [ISO/IEC TR 24772:2010 | http://www.aitcnet.org/isai/] | "Injection [RST]" | ]]></ac:plain-text-body></ac:structured-macro> |
CWE-134, "Uncontrolled Format String" |
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="840d541711019932-827d8e08-45b2482f-8af4bff0-7996c55ce5c95f4752460270"><ac:plain-text-body><![CDATA[ | [[API 2006 | AA. Bibliography#API 06]] | [Class Formatter | http://java.sun.com/javase/6/docs/api/java/util/Formatter.html] | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="044e580d6cf8ea9c-db6feb48-4cbf4c17-9ca2bb59-e4b5b92e01fd7b319bc91b95"><ac:plain-text-body><![CDATA[ | [[Seacord 2005 | AA. Bibliography#Seacord 05]] | Chapter 6, Formatted Output | ]]></ac:plain-text-body></ac:structured-macro> |
...
IDS08IDS05-J. Sanitize untrusted data passed to a regexUse a subset of ASCII for file and path names IDS10IDS07-J. Do not split characters between two data structurespass untrusted, unsanitized data to the Runtime.exec() method