Categories
CWE | NAME | DESCRIPTION | LAST 12M | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
---|---|---|---|---|---|---|---|---|
CWE-95 | Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') | The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. eval). | | 0 | 0 | 1 | 1 | 2 |
CWE-525 | Information Exposure Through Browser Caching | The web application does not use an appropriate caching policy that specifies the extent to which each web page and associated form fields should be cached. | | 0 | 2 | 0 | 0 | 2 |
CWE-614 | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute | The Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the user agent to send those cookies in plaintext over an HTTP session. | | 0 | 2 | 0 | 0 | 2 |
CWE-451 | User Interface (UI) Misrepresentation of Critical Information | The user interface (UI) does not properly represent critical information to the user, allowing the information, or its source, to be obscured or spoofed. This is often a component in phishing attacks. | | 0 | 2 | 0 | 0 | 2 |
CWE-923 | Improper Restriction of Communication Channel to Intended Endpoints | The software establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it is communicating with the correct endpoint. | | 0 | 1 | 1 | 0 | 2 |
CWE-759 | Use of a One-Way Hash without a Salt | The software uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a salt as part of the input. | | 0 | 2 | 0 | 0 | 2 |
CWE-248 | Uncaught Exception | An exception is thrown from a function, but it is not caught. | | 0 | 2 | 0 | 0 | 2 |
CWE-942 | Overly Permissive Cross-domain Whitelist | The software uses a cross-domain policy file that includes domains that should not be trusted. | | 1 | 1 | 0 | 0 | 2 |
CWE-501 | Trust Boundary Violation | The product mixes trusted and untrusted data in the same data structure or structured message. | | 0 | 1 | 1 | 0 | 2 |
CWE-799 | Improper Control of Interaction Frequency | The software does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests. | | 1 | 1 | 0 | 0 | 2 |
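As an added illustration (not code from this page or from any project counted in the table), the weak and hardened forms of three of the classes listed above: CWE-95 (eval injection), CWE-759 (unsalted hash) and CWE-799 (interaction frequency). All function names, the PBKDF2 iteration count and the sample inputs are constructed for the example.

```python
"""Weak and hardened forms of three weakness classes from the table:
CWE-95 (eval injection), CWE-759 (unsalted hash), CWE-799 (interaction frequency).
Illustrative code with constructed inputs; not from any project counted in the table."""
import ast
import hashlib
import hmac
import os
import time
from collections import defaultdict, deque


# ---- CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ----

def parse_limit_unsafe(expr: str) -> object:
    """Vulnerable: attacker-supplied text is executed as Python code."""
    return eval(expr)  # deliberately vulnerable


def parse_limit_safe(expr: str) -> int:
    """Hardened: only a literal is parsed; any call, attribute or name is rejected."""
    try:
        value = ast.literal_eval(expr)
    except (ValueError, SyntaxError) as exc:
        raise ValueError(f"not a literal: {expr!r}") from exc
    if isinstance(value, bool) or not isinstance(value, int):
        raise ValueError("limit must be an integer")
    return value


# ---- CWE-759: Use of a One-Way Hash without a Salt ----

# Assumption for the example: OWASP's 2023 figure for PBKDF2-HMAC-SHA256; tune per deployment.
PBKDF2_ITERATIONS = 600_000


def hash_password_unsalted(password: str) -> str:
    """Vulnerable: equal passwords give equal digests, so one precomputed table breaks every account."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password_salted(password: str, salt: bytes = b"") -> tuple:
    """Hardened: a per-user random salt plus a slow KDF; returns (salt, digest) for storage."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, stored_digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, stored_digest)


# ---- CWE-799: Improper Control of Interaction Frequency ----

class SlidingWindowLimiter:
    """Allow at most `limit` requests per actor in any `window`-second span.

    Sliding-window log: per-actor timestamps of accepted requests. The clock is
    injectable so the behaviour can be checked without sleeping."""

    def __init__(self, limit: int, window: float, clock=time.monotonic):
        self.limit = limit
        self.window = window
        self.clock = clock
        self._log = defaultdict(deque)

    def allow(self, actor: str) -> bool:
        now = self.clock()
        log = self._log[actor]
        while log and now - log[0] >= self.window:  # expire entries outside the window
            log.popleft()
        if len(log) >= self.limit:
            return False  # over quota: reject and do not record the attempt
        log.append(now)
        return True


if __name__ == "__main__":
    # Constructed inputs: a benign limit and an injected expression.
    print(parse_limit_safe("25"))
    print(type(parse_limit_unsafe("__import__('os').getcwd()")).__name__)  # the injected call ran
    salt, digest = hash_password_salted("correct horse")
    print(verify_password("correct horse", salt, digest), verify_password("wrong", salt, digest))
    limiter = SlidingWindowLimiter(limit=3, window=10)
    print([limiter.allow("10.0.0.1") for _ in range(4)])
```

The unsafe parser is kept only to show that `eval` executes whatever arrives; `ast.literal_eval` refuses calls, names and attribute access, which is the neutralization CWE-95 asks for. The salted variant answers CWE-759 with a random per-user salt and a deliberately slow KDF, and the limiter rejects a request once the actor's window is full rather than merely logging it.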