Categories
CWE | NAME | LAST 12M | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
---|---|---|---|---|---|---|---|
CWE-501 | Trust Boundary Violation: The product mixes trusted and untrusted data in the same data structure or structured message. | 0 | 0 | 1 | 0 | 1 | |
CWE-305 | Authentication Bypass by Primary Weakness: The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error. | 0 | 0 | 1 | 0 | 1 | |
CWE-340 | Predictability Problems: The product uses a scheme that generates numbers or identifiers that are more predictable than required. | 0 | 1 | 0 | 0 | 1 | |
CWE-1022 | Use of Web Link to Untrusted Target with window.opener Access: The web application produces links to untrusted external sites outside of its sphere of control, but it does not properly prevent the external site from modifying security-critical properties of the window.opener object, such as the location property. | 0 | 1 | 0 | 0 | 1 | |
CWE-302 | Authentication Bypass by Assumed-Immutable Data: The authentication scheme or implementation uses key data elements that are assumed to be immutable, but can be controlled or modified by the attacker. | 0 | 0 | 1 | 0 | 1 | |
CWE-451 | User Interface (UI) Misrepresentation of Critical Information: The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks. | 0 | 1 | 0 | 0 | 1 | |
CWE-544 | Missing Standardized Error Handling Mechanism: The software does not use a standardized method for handling errors throughout the code, which might introduce inconsistent error handling and resultant weaknesses. | 0 | 1 | 0 | 0 | 1 | |