Exposure of Sensitive System Information to an Unauthorized Control Sphere | |
Improper Privilege Management | |
Origin Validation Error | |
Improper Validation of Certificate with Host Mismatch | |
Improper Authentication | |
Allocation of Resources Without Limits or Throttling | [23.0.0,26.0.11) [26.1.0,26.1.5) |
Incorrect User Management | |
Exposure of Sensitive Information Through Environmental Variables | |
Denial of Service (DoS) | |
External Control of File Name or Path | |
Regular Expression Denial of Service (ReDoS) | |
HTTP Request Smuggling | |
Open Redirect | [,22.0.13) [24.0.0,24.0.8) [25.0.0,25.0.6) |
URL Redirection to Untrusted Site ('Open Redirect') | [,22.0.13) [23.0.0,24.0.8) [25.0.0,25.0.6) |
Open Redirect | |
Improper Enforcement of a Single, Unique Action | |
Improper Authentication | [,22.0.10) [23.0.0,24.0.3) |
Missing Standardized Error Handling Mechanism | |
Overly Restrictive Account Lockout Mechanism | |
Always-Incorrect Control Flow Implementation | |
Improper Privilege Management | |
Insecure Storage of Sensitive Information | |
Cleartext Storage of Sensitive Information in a Cookie | |
Path Traversal | |
Improper Input Validation | |
Origin Validation Error | |
Authentication Bypass | |
Open Redirect | |
Cross-site Scripting (XSS) | |
Authorization Bypass Through User-Controlled Key | |
Missing Critical Step in Authentication | [,22.0.10) [23.0.0,24.0.3) |
Information Exposure | |
Improper Authorization | |
Open Redirect | |
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) | |
Open Redirect | |
LDAP Injection | |
Credential Exposure | |
Access Restriction Bypass | |
Cross-site Scripting (XSS) | [3.4.3.Final,4.6.0.Final) |
Improper Certificate Validation | |
Cross-site Scripting (XSS) | |
Authentication Bypass by Spoofing | |
Insufficient Verification of Data Authenticity | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Directory Traversal | |
Exposure of Data Element to Wrong Session | |
Access Restriction Bypass | |
Information Exposure | |
Improper Authentication | |
Incorrect Authorization | |
Directory Traversal | |
Improper Authentication | |
Improper Authentication | |
Insecure Permissions | |
Insecure Temporary File | |
Improper Access Control | |
Information Exposure | |
User Impersonation | |
Improper Input Validation | |
Cross-site Scripting (XSS) | |
Server-Side Request Forgery (SSRF) | |
Directory Traversal | |
Improper Input Validation | |
Improper Certificate Validation | |
Information Disclosure | |
Code Injection | |
Information Exposure | |
Use of Hard-coded Constants | |
Information Exposure | |
Cross-site Request Forgery (CSRF) | |
Access Control Bypass | |
Man-in-the-Middle (MitM) | |
Replay attack | |
Open Redirect | |
Access Restriction Bypass | |
Cross-site Request Forgery (CSRF) | |
Cross-site Request Forgery (CSRF) | |
Privilege Escalation | |
Cross-site Request Forgery (CSRF) | |
Open Redirect | [1.0.1.Final,1.0.3.Final) |
Cross-site Scripting (XSS) | [1.0.1.Final,1.0.3.Final) |
Denial of Service (DoS) | |