Allocation of Resources Without Limits or Throttling | |
Information Exposure Through Query Strings | >=11.0.0-ALPHA1, <11.1.6.1; >=11.2.0, <11.2.2 |
SQL Injection | |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |
Arbitrary Code Execution | |
Cross-site Scripting (XSS) | |
Directory Traversal | |
Information Exposure | |
Cross-site Scripting (XSS) | |
SQL Injection | |
Cross-site Scripting (XSS) | |
SQL Injection | |
Privilege Defined With Unsafe Actions | |
Arbitrary File Write via Archive Extraction (Zip Slip) | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Directory Traversal | |
SQL Injection | |
SQL Injection | |
Cross-site Scripting (XSS) | |
SQL Injection | |
Cross-site Scripting (XSS) | |
Directory Traversal | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Directory Traversal | |
SQL Injection | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Cross-site Request Forgery (CSRF) | |
SQL Injection | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
SQL Injection | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Cross-site Request Forgery (CSRF) | |
Arbitrary File Upload | |
Cross-site Scripting (XSS) | |
Arbitrary Code Injection | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Improper Input Validation | |
SQL Injection | |
Cross-site Scripting (XSS) | |
SQL Injection | |
SQL Injection | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Directory Traversal | |
Information Exposure | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Business Logic Errors | |
Arbitrary File Upload | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
SQL Injection | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Cross-site Request Forgery (CSRF) | |
Username Enumeration | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
CSV Injection | |
SQL Injection | |
Local File Inclusion | |
Improper Authorization | |
SQL Injection | |
SQL Injection | |
Cross-site Scripting (XSS) | |
Information Exposure | |
Improper Authentication | |
Improper Access Control | |
Cross-site Scripting (XSS) | |
Deserialization of Untrusted Data | |
Arbitrary File Upload | |
Deserialization of Untrusted Data | |
Cross-site Request Forgery (CSRF) | |
SQL Injection | |
Cross-site Scripting (XSS) | |