OWASP mapping

Vulnerabilities related to input validation are part of the OWASP Top 10 2017. They are covered under A1:2017-Injection, A4:2017-XML External Entities (XXE), A7:2017-Cross-Site Scripting (XSS), and A8:2017-Insecure Deserialization. Some of the vulnerabilities listed under this category are as follows:

  • Application not validating input on both the client side and the server side.
  • Application allowing harmful blacklisted characters (<>;'"!()).
  • Application vulnerable to injection flaws such as SQL injection, command injection, LDAP (Lightweight Directory Access Protocol) injection, and so on.
  • Application vulnerable to Cross-Site Scripting attacks. The image below shows a reflected Cross-Site Scripting attack:

  • Application vulnerable to buffer overflows.
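
The first, second and fourth items above can be seen together in a short server-side sketch. This is an added example, not code from the book: the `username` field, its length and character policy, and all function names are assumptions made for illustration, and the sample input is constructed.

```python
import html
import re

# The characters the list above names as harmful when accepted unchecked.
LISTED_CHARS = "<>;'\"!()"

# Assumed policy for a hypothetical "username" field. It is an allowlist:
# anything not explicitly permitted is rejected, so the check does not
# depend on a blacklist being complete.
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{3,32}")


def validate_username(value):
    """Server-side check; it runs even if client-side validation was skipped."""
    if not isinstance(value, str) or not USERNAME_RE.fullmatch(value):
        raise ValueError("username must be 3-32 characters of A-Z a-z 0-9 _ . -")
    return value


def render_search_page_unsafe(query):
    """The reflected-XSS pattern: input concatenated into markup unchanged."""
    return "<p>Results for: " + query + "</p>"


def render_search_page(query):
    """Reflect free text with output encoding for the HTML body context.

    Free text cannot be allowlisted as tightly as a username, so the control
    at this sink is encoding. html.escape covers HTML text and quoted
    attribute values only; script, CSS and URL contexts need other encoders.
    """
    return "<p>Results for: " + html.escape(query, quote=True) + "</p>"


if __name__ == "__main__":
    sample = "<script>alert(1)</script>"  # constructed test input
    print(render_search_page_unsafe(sample))  # markup reaches the browser
    print(render_search_page(sample))         # rendered as inert text
    for ch in LISTED_CHARS:
        try:
            validate_username("ab" + ch + "cd")
        except ValueError:
            print(repr(ch), "rejected by allowlist")
```
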