Incorrect Authorization | |
Information Exposure Through an Error Message | |
Improper Access Control | |
Arbitrary File Read | [,2.452.4)[2.460,2.462.1)[2.470,2.471) |
Authentication Bypass by Capture-replay | |
Access Restriction Bypass | |
Exposure of Sensitive Information to an Unauthorized Actor | |
Resource Exhaustion | |
XML External Entity (XXE) Injection | |
XML External Entity (XXE) Injection | |
Improper Access Control | [,2.426.3)[2.427,2.440.1)[2.441,2.442) |
Origin Validation Error | [,2.426.3)[2.427,2.440.1)[2.441,2.442) |
Incorrect Default Permissions | [2.50,2.414.2)[2.415,2.424) |
Creation of Temporary File With Insecure Permissions | |
Improper Control of Generation of Code ('Code Injection') | |
Information Exposure | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Cross-site Request Forgery (CSRF) | |
Denial of Service (DoS) | [,2.375.4)[2.387,2.387.1)[2.388,2.394) |
Denial of Service (DoS) | [,2.375.4)[2.387,2.387.1)[2.388,2.394) |
Cross-site Scripting (XSS) | [2.270,2.375.4)[2.376,2.387.1)[2.388,2.394) |
Creation of Temporary File With Insecure Permissions | [,2.375.4)[2.376,2.387.1)[2.388,2.394) |
Information Exposure | [,2.375.4)[2.376,2.387.1)[2.388,2.394) |
Creation of Temporary File With Insecure Permissions | [,2.375.4)[2.387,2.387.1)[2.388,2.394) |
Information Exposure | [,2.375.4)[2.387,2.387.1)[2.388,2.394) |
Cross-site Request Forgery (CSRF) | |
Cross-site Request Forgery (CSRF) | |
Cross-site Request Forgery (CSRF) | |
Cross-site Scripting (XSS) | |
Information Exposure | |
Session Fixation | [2.266,2.289.2)[2.292,2.300) |
Improper Authentication | |
Information Exposure | |
Timing Attack | |
Improper Restriction of Rendered UI Layers or Frames | |
Timing Attack | |
Denial of Service (DoS) | |
Incorrect Authorization | [2.266,2.289.2)[2.292,2.300) |
Path Equivalence | |
Directory Traversal | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Information Exposure | |
Cross-site Scripting (XSS) | |
Information Exposure | |
Cross-site Scripting (XSS) | |
Improper Authorization | |
Cross-site Scripting (XSS) | |
Denial of Service (DoS) | |
Cross-site Request Forgery (CSRF) | |
Improper Authorization | |
Directory Traversal | |
Symlink Attack | |
Directory Traversal | |
Arbitrary Code Injection | |
Improper Authorization | |
Directory Traversal | |
Improper Authorization | |
Improper Access Control | |
Symlink Attack | |
Improper Access Control | |
Improper Access Control | |
Symlink Attack | |
Insufficient Validation | |
Improper Validation | |
Race Condition | |
Denial of Service (DoS) | |
Deserialization of Untrusted Data | |
Arbitrary File Read | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Directory Traversal | |
Access Restriction Bypass | |
Cross-site Scripting (XSS) | |
Information Exposure | |
Cross-site Scripting (XSS) | [,2.252)[2.235.3,2.235.4) |
Cross-site Scripting (XSS) | [,2.252)[2.235.3,2.235.4) |
Cross-site Scripting (XSS) | [,2.252)[2.235.3,2.235.4) |
Cross-site Scripting (XSS) | [,2.176.4)[2.180.0,2.196.1) |
Cross-site Scripting (XSS) | [,2.176.4)[2.180.0,2.196.1) |
Cross-site Scripting (XSS) | [0,2.176.4)[2.180.0,2.196.1) |
Cross-site Scripting (XSS) | [0,2.176.4)[2.180.0,2.196.1) |
Denial of Service (DoS) | |
Cross-site Scripting (XSS) | [,2.176.4)[2.180.0,2.190.1) |
Information Exposure | [,2.176.4)[2.180.0,2.196.1) |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Cross-site Request Forgery (CSRF) | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Protection Bypass | |
Cross Site Request Forgery (CSRF) | |
Directory Traversal | |
Access Control Bypass | |
Authorization Bypass | [2.150,2.160)[2.150.1,2.150.2) |
Authentication Bypass | |
Cross-site Scripting (XSS) | |
Directory Traversal | |
Ephemeral User Record Creation | |
Arbitrary File Write | |
Information Exposure | |
Cross-site Scripting (XSS) | |
Session Fixation | |
Information Exposure | [,2.138.4)[2.140,2.149][2.150,2.150.1)[2.153,2.154) |
Modification of Assumed-Immutable Data (MAID) | [,2.138.4)[2.140,2.149][2.150,2.150.1)[2.153,2.154) |
Arbitrary Code Execution | [,2.138.4)[2.140,2.150.1)[2.153,2.154) |
Denial of Service (DoS) | |
Information Exposure | |
Arbitrary Code Execution | [1.509.0,1.509.1)[1.510,1.514) |
Arbitrary Code Execution | |
Information Exposure | |
Improper Authorization | |
Information Exposure | |
Authentication Bypass | |
Denial of Service (DoS) | |
Denial of Service (DoS) | |
Deserialization of Untrusted Data | |
Cross-site Scripting (XSS) | |
Information Exposure | |
Cross-site Scripting (XSS) | |
Improper Authorization | |
Insufficient Permission Check | |
Authentication Bypass | |
Arbitrary File Read | |
User Impersonation | |
Information Exposure | |
Server-Side Request Forgery (SSRF) | |
Directory Traversal | |
Arbitrary File Write via Archive Extraction (Zip Slip) | |
Information Exposure | |
Session Hijacking | |
Access Restriction Bypass | |
Access Restriction Bypass | |
Cross-site Scripting (XSS) | |
Directory Traversal | |
Information Exposure | |
Information Exposure | |
Cross-site Scripting (XSS) | |
Clickjacking | |
Privilege Escalation | |
Information Exposure | |
Cross-site Scripting (XSS) | |
Arbitrary Code Execution | |
Privilege Escalation | |
Man-in-the-Middle (MitM) | |
Information Exposure | |
Information Exposure | |
Cross-site Scripting (XSS) | |
Directory Traversal | |
Privilege Escalation | |
Information Exposure | |
Denial of Service (DoS) | |
Directory Traversal | |
Cross-site Scripting (XSS) | |
Arbitrary Code Execution | |
Denial of Service (DoS) | |
Information Exposure | |
Information Exposure | |
Cross-site Scripting (XSS) | |
Cross-site Request Forgery (CSRF) | |
XML External Entity (XXE) Injection | |
Directory Traversal | |
Access Restriction Bypass | |
Cross-site Scripting (XSS) | |
Information Exposure | |
Improper Access Control | |
Information Exposure | |
Cross-site Request Forgery (CSRF) | |
Privilege Escalation | |
Deserialization of Untrusted Data | |
Insufficient Permission Validation | |
Information Exposure | |
Arbitrary File Overwrite | |
Cross-site Scripting (XSS) | |
Cross-site Request Forgery (CSRF) | |
Arbitrary Code Execution | [,1.642.2)[1.643.0,1.650) |
Information Exposure | |
Timing Attacks | |
HTTP Response Splitting | [,1.642.2)[1.643.0,1.650) |
Timing Attack | |
Arbitrary Code Execution | |
Arbitrary Code Execution | |
Insufficient Permission Validation | |
Arbitrary Code Execution | [,1.642.2)[1.643.0,1.650) |
Arbitrary Code Injection | |
Information Exposure | |
Open Redirect | |
Information Exposure | |
Information Exposure | |
Authentication Bypass | |
Denial of Service (DoS) | |
Arbitrary Code Execution | |
Cross-site Scripting (XSS) | [2.110,2.116)[2.107.0,2.107.2) |
Information Exposure | |
Insufficient Permission Validation | |
Deserialization of Untrusted Data | |
Cross-Site Request Forgery (CSRF) | |
Directory Traversal | |
Arbitrary Shell Command Execution | |
Information Exposure | |
Man-in-the-Middle (MitM) | |
Information Exposure | |
Information Exposure | |
Information Exposure | |
Authentication Bypass | |
Information Exposure | |
Deserialization of Untrusted Data | |
Information Exposure | |
Insecure Initialization | |
Cross-site Request Forgery (CSRF) | |
Server-Side Request Forgery (SSRF) | |
Improper Input Validation | |
Directory Traversal | |