Weakness

The finding can not be directly abused but can aid in vulnerabilities and their escalation. Additionally these findings can cause vulnerabilities in future versions of the application, or the logic can be easily misunderstood by developers and users.

Example: The application performs string interpolation to construct a partial user controlled url. The user input is filtered to a reasonable degree but future changes to the construction are prone to allow for url manipulation.