The product receives data from an upstream component, but does not completely filter special elements before sending it to a downstream component.
CWE-790