Categories

CWE NAME LAST 12M LOW MEDIUM HIGH CRITICAL TOTAL VULNS
CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. eval).
0 0 1 1 2
CWE-525 Information Exposure Through Browser Caching
The web application does not use an appropriate caching policy that specifies the extent to which each web page and associated form fields should be cached.
0 2 0 0 2
CWE-614 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
The Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the user agent to send those cookies in plaintext over an HTTP session.
0 2 0 0 2
CWE-451 User Interface (UI) Misrepresentation of Critical Information
The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks.
0 2 0 0 2
CWE-923 Improper Restriction of Communication Channel to Intended Endpoints
The software establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it is communicating with the correct endpoint.
0 1 1 0 2
CWE-759 Use of a One-Way Hash without a Salt
The software uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a salt as part of the input.
0 2 0 0 2
CWE-248 Uncaught Exception
An exception is thrown from a function, but it is not caught.
0 2 0 0 2
CWE-942 Overly Permissive Cross-domain Whitelist
The software uses a cross-domain policy file that includes domains that should not be trusted.
1 1 0 0 2
CWE-501 Trust Boundary Violation
The product mixes trusted and untrusted data in the same data structure or structured message.
0 1 1 0 2
CWE-799 Improper Control of Interaction Frequency
The software does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests.
1 1 0 0 2