Categories
CWE | NAME | LAST 12M | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
---|---|---|---|---|---|---|---|
CWE-942 | Overly Permissive Cross-domain Whitelist: The software uses a cross-domain policy file that includes domains that should not be trusted. | 0 | 1 | 0 | 0 | 1 | |
CWE-85 | Doubled Character XSS Manipulations: The web application does not filter user-controlled input for executable script disguised using doubling of the involved characters. | 0 | 1 | 0 | 0 | 1 | |
CWE-540 | Information Exposure Through Source Code: Source code on a web server or repository often contains sensitive information and should generally not be accessible to users. | 0 | 1 | 0 | 0 | 1 | |
CWE-598 | Information Exposure Through Query Strings in GET Request: The web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that request. | 1 | 0 | 0 | 0 | 1 | |
CWE-300 | Channel Accessible by Non-Endpoint ('Man-in-the-Middle'): The product does not adequately verify the identity of actors at both ends of a communication channel, or does not adequately ensure the integrity of the channel, in a way that allows the channel to be accessed or influenced by an actor that is not an endpoint. | 0 | 1 | 0 | 0 | 1 | |