Reliance on a Single Factor in a Security Decision | |
Arbitrary Code Execution | |
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') | |
Insufficient Session Expiration | |
Improper Input Validation | |
Missing Authorization | |
Cross-site Request Forgery (CSRF) | |
Cross-site Request Forgery (CSRF) | |
Cross-site Request Forgery (CSRF) | |
Cross-site Request Forgery (CSRF) | |
Cross-site Request Forgery (CSRF) | |
Open Redirect | |
Arbitrary File Upload | |
Cross-site Request Forgery (CSRF) | |
Cross-site Request Forgery (CSRF) | |
Cross-site Request Forgery (CSRF) | |
Cross-site Request Forgery (CSRF) | |
Brute Force | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Information Exposure | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |