| 0 |
Directory Browsing |
release |
Medium |
Active |
548 |
48 |
| 2 |
Private IP Disclosure |
release |
Low |
Passive |
497 |
13 |
| 3 |
Session ID in URL Rewrite |
release |
|
Passive |
|
|
| 3-1 |
Session ID in URL Rewrite |
release |
Medium |
Passive |
598 |
13 |
| 3-2 |
Session ID in URL Rewrite |
release |
Medium |
Passive |
598 |
13 |
| 3-3 |
Referer Exposes Session ID |
release |
Medium |
Passive |
598 |
13 |
| 6 |
Path Traversal |
release |
|
Active |
|
|
| 6-1 |
Path Traversal |
release |
High |
Active |
22 |
33 |
| 6-2 |
Path Traversal |
release |
High |
Active |
22 |
33 |
| 6-3 |
Path Traversal |
release |
High |
Active |
22 |
33 |
| 6-4 |
Path Traversal |
release |
High |
Active |
22 |
33 |
| 6-5 |
Path Traversal |
release |
High |
Active |
22 |
33 |
| 7 |
Remote File Inclusion |
release |
High |
Active |
98 |
5 |
| 41 |
Source Code Disclosure - Git |
beta |
High |
Active |
541 |
34 |
| 42 |
Source Code Disclosure - SVN |
beta |
Medium |
Active |
541 |
34 |
| 43 |
Source Code Disclosure - File Inclusion |
beta |
High |
Active |
541 |
33 |
| 10003 |
Vulnerable JS Library |
release |
Medium |
Passive |
1395 |
|
| 10004 |
Tech Detection Passive Scanner |
release |
Informational |
Tool |
|
13 |
| 10009 |
In Page Banner Information Leak |
release |
Low |
Passive |
497 |
13 |
| 10010 |
Cookie No HttpOnly Flag |
release |
Low |
Passive |
1004 |
13 |
| 10011 |
Cookie Without Secure Flag |
release |
Low |
Passive |
614 |
13 |
| 10015 |
Re-examine Cache-control Directives |
release |
Informational |
Passive |
525 |
13 |
| 10016 |
Web Browser XSS Protection Not Enabled |
deprecated |
|
Passive |
|
|
| 10017 |
Cross-Domain JavaScript Source File Inclusion |
release |
Low |
Passive |
829 |
15 |
| 10019 |
Content-Type Header Missing |
release |
|
Passive |
|
|
| 10019-1 |
Content-Type Header Missing |
release |
Informational |
Passive |
345 |
12 |
| 10019-2 |
Content-Type Header Empty |
release |
Informational |
Passive |
345 |
12 |
| 10020 |
Anti-clickjacking Header |
release |
|
Passive |
|
|
| 10020-1 |
Missing Anti-clickjacking Header |
release |
Medium |
Passive |
1021 |
15 |
| 10020-2 |
Multiple X-Frame-Options Header Entries |
release |
Medium |
Passive |
1021 |
15 |
| 10020-3 |
X-Frame-Options Defined via META (Non-compliant with Spec) |
release |
Medium |
Passive |
1021 |
15 |
| 10020-4 |
X-Frame-Options Setting Malformed |
release |
Medium |
Passive |
1021 |
15 |
| 10021 |
X-Content-Type-Options Header Missing |
release |
Low |
Passive |
693 |
15 |
| 10023 |
Information Disclosure - Debug Error Messages |
release |
Low |
Passive |
1295 |
13 |
| 10024 |
Information Disclosure - Sensitive Information in URL |
release |
Informational |
Passive |
598 |
13 |
| 10025 |
Information Disclosure - Sensitive Information in HTTP Referrer Header |
release |
Informational |
Passive |
598 |
13 |
| 10026 |
HTTP Parameter Override |
beta |
Medium |
Passive |
20 |
20 |
| 10027 |
Information Disclosure - Suspicious Comments |
release |
Informational |
Passive |
615 |
13 |
| 10028 |
Off-site Redirect |
release |
High |
Passive |
601 |
38 |
| 10029 |
Cookie Poisoning |
release |
Informational |
Passive |
565 |
20 |
| 10030 |
User Controllable Charset |
release |
Informational |
Passive |
20 |
20 |
| 10031 |
User Controllable HTML Element Attribute (Potential XSS) |
release |
Informational |
Passive |
20 |
20 |
| 10032 |
Viewstate |
release |
|
Passive |
|
|
| 10032-1 |
Potential IP Addresses Found in the Viewstate |
release |
Medium |
Passive |
642 |
14 |
| 10032-2 |
Emails Found in the Viewstate |
release |
Medium |
Passive |
642 |
14 |
| 10032-3 |
Old Asp.Net Version in Use |
release |
Low |
Passive |
642 |
14 |
| 10032-4 |
Viewstate without MAC Signature (Unsure) |
release |
High |
Passive |
642 |
14 |
| 10032-5 |
Viewstate without MAC Signature (Sure) |
release |
High |
Passive |
642 |
14 |
| 10032-6 |
Split Viewstate in Use |
release |
Informational |
Passive |
642 |
14 |
| 10033 |
Directory Browsing |
release |
Medium |
Passive |
548 |
16 |
| 10034 |
Heartbleed OpenSSL Vulnerability (Indicative) |
release |
High |
Passive |
119 |
20 |
| 10035 |
Strict-Transport-Security Header |
release |
|
Passive |
|
|
| 10035-1 |
Strict-Transport-Security Header Not Set |
release |
Low |
Passive |
319 |
15 |
| 10035-2 |
Strict-Transport-Security Disabled |
release |
Low |
Passive |
319 |
15 |
| 10035-3 |
Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec) |
release |
Low |
Passive |
319 |
15 |
| 10035-4 |
Strict-Transport-Security Header on Plain HTTP Response |
release |
Informational |
Passive |
319 |
15 |
| 10035-5 |
Strict-Transport-Security Missing Max-Age (Non-compliant with Spec) |
release |
Low |
Passive |
319 |
15 |
| 10035-6 |
Strict-Transport-Security Defined via META (Non-compliant with Spec) |
release |
Low |
Passive |
319 |
15 |
| 10035-7 |
Strict-Transport-Security Max-Age Malformed (Non-compliant with Spec) |
release |
Low |
Passive |
319 |
15 |
| 10035-8 |
Strict-Transport-Security Malformed Content (Non-compliant with Spec) |
release |
Low |
Passive |
319 |
15 |
| 10036 |
HTTP Server Response Header |
release |
|
Passive |
|
|
| 10036-1 |
Server Leaks its Webserver Application via "Server" HTTP Response Header Field |
release |
Informational |
Passive |
497 |
13 |
| 10036-2 |
Server Leaks Version Information via "Server" HTTP Response Header Field |
release |
Low |
Passive |
497 |
13 |
| 10037 |
Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s) |
release |
Low |
Passive |
497 |
13 |
| 10038 |
Content Security Policy (CSP) Header Not Set |
release |
|
Passive |
|
|
| 10038-1 |
Content Security Policy (CSP) Header Not Set |
release |
Medium |
Passive |
693 |
15 |
| 10038-2 |
Obsolete Content Security Policy (CSP) Header Found |
release |
Informational |
Passive |
693 |
15 |
| 10038-3 |
Content Security Policy (CSP) Report-Only Header Found |
release |
Informational |
Passive |
693 |
15 |
| 10039 |
X-Backend-Server Header Information Leak |
release |
Low |
Passive |
497 |
13 |
| 10040 |
Secure Pages Include Mixed Content |
release |
Low |
Passive |
311 |
4 |
| 10041 |
HTTP to HTTPS Insecure Transition in Form Post |
release |
Medium |
Passive |
319 |
15 |
| 10042 |
HTTPS to HTTP Insecure Transition in Form Post |
release |
Medium |
Passive |
319 |
15 |
| 10043 |
User Controllable JavaScript Event (XSS) |
release |
Informational |
Passive |
20 |
20 |
| 10044 |
Big Redirect Detected (Potential Sensitive Information Leak) |
release |
|
Passive |
|
|
| 10044-1 |
Big Redirect Detected (Potential Sensitive Information Leak) |
release |
Low |
Passive |
201 |
13 |
| 10044-2 |
Multiple HREFs Redirect Detected (Potential Sensitive Information Leak) |
release |
Low |
Passive |
201 |
13 |
| 10045 |
Source Code Disclosure - /WEB-INF Folder |
release |
|
Active |
|
|
| 10045-1 |
Source Code Disclosure - /WEB-INF Folder |
release |
High |
Active |
541 |
34 |
| 10045-2 |
Properties File Disclosure - /WEB-INF folder |
release |
High |
Active |
541 |
34 |
| 10046 |
Insecure Component |
deprecated |
|
Passive |
|
|
| 10047 |
HTTPS Content Available via HTTP |
release |
Low |
Active |
311 |
4 |
| 10048 |
Remote Code Execution - Shell Shock |
release |
|
Active |
|
|
| 10048-1 |
Remote Code Execution - Shell Shock |
release |
High |
Active |
78 |
31 |
| 10048-2 |
Remote Code Execution - Shell Shock |
release |
High |
Active |
78 |
31 |
| 10049 |
Content Cacheability |
beta |
|
Passive |
|
|
| 10049-1 |
Non-Storable Content |
beta |
Informational |
Passive |
524 |
13 |
| 10049-2 |
Storable but Non-Cacheable Content |
beta |
Informational |
Passive |
524 |
13 |
| 10049-3 |
Storable and Cacheable Content |
beta |
Informational |
Passive |
524 |
13 |
| 10050 |
Retrieved from Cache |
release |
|
Passive |
|
|
| 10050-1 |
Retrieved from Cache |
release |
Informational |
Passive |
525 |
|
| 10050-2 |
Retrieved from Cache |
release |
Informational |
Passive |
525 |
|
| 10051 |
Relative Path Confusion |
beta |
Medium |
Active |
20 |
20 |
| 10052 |
X-ChromeLogger-Data (XCOLD) Header Information Leak |
release |
Medium |
Passive |
532 |
13 |
| 10053 |
Apache Range Header DoS (CVE-2011-3192) |
deprecated |
Medium |
Active |
400 |
10 |
| 10054 |
Cookie without SameSite Attribute |
release |
|
Passive |
|
|
| 10054-1 |
Cookie without SameSite Attribute |
release |
Low |
Passive |
1275 |
13 |
| 10054-2 |
Cookie with SameSite Attribute None |
release |
Low |
Passive |
1275 |
13 |
| 10054-3 |
Cookie with Invalid SameSite Attribute |
release |
Low |
Passive |
1275 |
13 |
| 10055 |
CSP |
release |
|
Passive |
|
|
| 10055-1 |
CSP: X-Content-Security-Policy |
release |
Low |
Passive |
693 |
15 |
| 10055-2 |
CSP: X-WebKit-CSP |
release |
Low |
Passive |
693 |
15 |
| 10055-3 |
CSP: Notices |
release |
Low |
Passive |
693 |
15 |
| 10055-4 |
CSP: Wildcard Directive |
release |
Medium |
Passive |
693 |
15 |
| 10055-5 |
CSP: script-src unsafe-inline |
release |
Medium |
Passive |
693 |
15 |
| 10055-6 |
CSP: style-src unsafe-inline |
release |
Medium |
Passive |
693 |
15 |
| 10055-7 |
CSP: script-src unsafe-hashes |
release |
Medium |
Passive |
693 |
15 |
| 10055-8 |
CSP: style-src unsafe-hashes |
release |
Medium |
Passive |
693 |
15 |
| 10055-9 |
CSP: Malformed Policy (Non-ASCII) |
release |
Medium |
Passive |
693 |
15 |
| 10055-10 |
CSP: script-src unsafe-eval |
release |
Medium |
Passive |
693 |
15 |
| 10055-11 |
CSP: Meta Policy Invalid Directive |
release |
Medium |
Passive |
693 |
15 |
| 10055-12 |
CSP: Header & Meta |
release |
Informational |
Passive |
693 |
15 |
| 10055-13 |
CSP: Failure to Define Directive with No Fallback |
release |
Medium |
Passive |
693 |
15 |
| 10056 |
X-Debug-Token Information Leak |
release |
Low |
Passive |
489 |
13 |
| 10057 |
Username Hash Found |
release |
Informational |
Passive |
284 |
2 |
| 10058 |
GET for POST |
release |
Informational |
Active |
16 |
20 |
| 10061 |
X-AspNet-Version Response Header |
release |
Low |
Passive |
933 |
14 |
| 10062 |
PII Disclosure |
release |
High |
Passive |
359 |
13 |
| 10063 |
Permissions Policy Header Not Set |
beta |
|
Passive |
|
|
| 10063-1 |
Permissions Policy Header Not Set |
beta |
Low |
Passive |
693 |
15 |
| 10063-2 |
Deprecated Feature Policy Header Set |
beta |
Low |
Passive |
16 |
15 |
| 10070 |
Use of SAML |
alpha |
|
Passive |
|
|
| 10094 |
Base64 Disclosure |
alpha |
|
Passive |
|
|
| 10094-1 |
ASP.NET ViewState Disclosure |
alpha |
Informational |
Passive |
319 |
13 |
| 10094-2 |
ASP.NET ViewState Integrity |
alpha |
High |
Passive |
642 |
13 |
| 10094-3 |
Base64 Disclosure |
alpha |
Informational |
Passive |
319 |
13 |
| 10095 |
Backup File Disclosure |
beta |
Medium |
Active |
530 |
34 |
| 10096 |
Timestamp Disclosure - Unix |
release |
Low |
Passive |
497 |
13 |
| 10097 |
Hash Disclosure |
release |
|
Passive |
|
|
| 10097-1 |
Hash Disclosure - LanMan / DES |
release |
High |
Passive |
497 |
13 |
| 10097-2 |
Hash Disclosure - Kerberos AFS DES |
release |
High |
Passive |
497 |
13 |
| 10097-3 |
Hash Disclosure - OpenBSD Blowfish |
release |
High |
Passive |
497 |
13 |
| 10097-4 |
Hash Disclosure - MD5 Crypt |
release |
High |
Passive |
497 |
13 |
| 10097-5 |
Hash Disclosure - SHA-256 Crypt |
release |
High |
Passive |
497 |
13 |
| 10097-6 |
Hash Disclosure - SHA-512 Crypt |
release |
High |
Passive |
497 |
13 |
| 10097-7 |
Hash Disclosure - BCrypt |
release |
High |
Passive |
497 |
13 |
| 10097-8 |
Hash Disclosure - NTLM |
release |
High |
Passive |
497 |
13 |
| 10097-9 |
Hash Disclosure - Salted SHA-1 |
release |
Low |
Passive |
497 |
13 |
| 10097-10 |
Hash Disclosure - SHA-512 |
release |
Low |
Passive |
497 |
13 |
| 10097-11 |
Hash Disclosure - SHA-384 |
release |
Low |
Passive |
497 |
13 |
| 10097-12 |
Hash Disclosure - SHA-256 |
release |
Low |
Passive |
497 |
13 |
| 10097-13 |
Hash Disclosure - SHA-224 |
release |
Low |
Passive |
497 |
13 |
| 10097-14 |
Hash Disclosure - SHA-1 |
release |
Low |
Passive |
497 |
13 |
| 10097-15 |
Hash Disclosure - LanMan |
release |
Low |
Passive |
497 |
13 |
| 10097-16 |
Hash Disclosure - MD4 / MD5 |
release |
Low |
Passive |
497 |
13 |
| 10098 |
Cross-Domain Misconfiguration |
release |
Medium |
Passive |
264 |
14 |
| 10099 |
Source Code Disclosure - PHP |
beta |
Medium |
Passive |
540 |
13 |
| 10101 |
Access Control Issue - Improper Authentication |
alpha |
High |
Tool |
287 |
1 |
| 10102 |
Access Control Issue - Improper Authorization |
alpha |
High |
Tool |
205 |
2 |
| 10103 |
Image Exposes Location or Privacy Data |
beta |
Informational |
Passive |
200 |
13 |
| 10104 |
User Agent Fuzzer |
release |
Informational |
Active |
|
|
| 10105 |
Weak Authentication Method |
release |
|
Passive |
|
|
| 10105-1 |
Authentication Credentials Captured |
release |
Medium |
Passive |
287 |
1 |
| 10105-2 |
Weak Authentication Method |
release |
Medium |
Passive |
326 |
4 |
| 10106 |
HTTP Only Site |
release |
Medium |
Active |
311 |
4 |
| 10107 |
Httpoxy - Proxy Header Misuse |
beta |
High |
Active |
20 |
20 |
| 10108 |
Reverse Tabnabbing |
release |
Medium |
Passive |
1022 |
|
| 10109 |
Modern Web Application |
release |
Informational |
Passive |
|
|
| 10110 |
Dangerous JS Functions |
beta |
Low |
Passive |
749 |
|
| 10111 |
Authentication Request Identified |
beta |
Informational |
Passive |
|
|
| 10112 |
Session Management Response Identified |
beta |
Informational |
Passive |
|
|
| 10113 |
Verification Request Identified |
beta |
Informational |
Passive |
|
|
| 10115 |
Script Served From Malicious Domain (polyfill) |
release |
|
Passive |
|
|
| 10115-1 |
Script Served From Malicious Domain (polyfill) |
release |
High |
Passive |
829 |
15 |
| 10115-2 |
Script Served From Malicious Domain (polyfill) |
release |
High |
Passive |
829 |
15 |
| 10116 |
ZAP is Out of Date |
release |
Medium |
Passive |
1104 |
45 |
| 10202 |
Absence of Anti-CSRF Tokens |
release |
Medium |
Passive |
352 |
9 |
| 10205 |
HTTPS Configuration |
alpha |
|
Active |
|
|
| 10205-1 |
HTTPS Configuration |
alpha |
Informational |
Active |
311 |
4 |
| 10205-2 |
HTTPS Security Configuration Issues |
alpha |
High |
Active |
311 |
4 |
| 20012 |
Anti-CSRF Tokens Check |
beta |
Medium |
Active |
352 |
9 |
| 20014 |
HTTP Parameter Pollution |
beta |
Informational |
Active |
20 |
20 |
| 20015 |
Heartbleed OpenSSL Vulnerability |
release |
High |
Active |
119 |
20 |
| 20016 |
Cross-Domain Misconfiguration |
beta |
|
Active |
|
|
| 20016-1 |
Cross-Domain Misconfiguration - Adobe - Read |
beta |
High |
Active |
264 |
14 |
| 20016-2 |
Cross-Domain Misconfiguration - Adobe - Send |
beta |
High |
Active |
264 |
14 |
| 20016-3 |
Cross-Domain Misconfiguration - Silverlight |
beta |
High |
Active |
264 |
14 |
| 20017 |
Source Code Disclosure - CVE-2012-1823 |
release |
High |
Active |
20 |
20 |
| 20018 |
Remote Code Execution - CVE-2012-1823 |
release |
High |
Active |
20 |
20 |
| 20019 |
External Redirect |
release |
|
Active |
|
|
| 20019-1 |
External Redirect |
release |
High |
Active |
601 |
38 |
| 20019-2 |
External Redirect |
release |
High |
Active |
601 |
38 |
| 20019-3 |
External Redirect |
release |
High |
Active |
601 |
38 |
| 20019-4 |
External Redirect |
release |
High |
Active |
601 |
38 |
| 30001 |
Buffer Overflow |
release |
Medium |
Active |
120 |
7 |
| 30002 |
Format String Error |
release |
Medium |
Active |
134 |
6 |
| 30003 |
Integer Overflow Error |
beta |
Medium |
Active |
190 |
3 |
| 40003 |
CRLF Injection |
release |
Medium |
Active |
113 |
25 |
| 40008 |
Parameter Tampering |
release |
Medium |
Active |
472 |
20 |
| 40009 |
Server Side Include |
release |
High |
Active |
97 |
31 |
| 40012 |
Cross Site Scripting (Reflected) |
release |
High |
Active |
79 |
8 |
| 40013 |
Session Fixation |
beta |
|
Active |
|
|
| 40013-1 |
Session ID Transmitted Insecurely |
beta |
Medium |
Active |
384 |
37 |
| 40013-2 |
Session ID Cookie Accessible to JavaScript |
beta |
Low |
Active |
384 |
37 |
| 40013-3 |
Session ID Expiry Time/Max-Age is Excessive |
beta |
High |
Active |
384 |
37 |
| 40013-4 |
Session Fixation |
beta |
Informational |
Active |
384 |
37 |
| 40013-5 |
Exposed Session ID |
beta |
Medium |
Active |
384 |
37 |
| 40013-6 |
Session Fixation |
beta |
Medium |
Active |
384 |
37 |
| 40014 |
Cross Site Scripting (Persistent) |
release |
|
Active |
|
|
| 40014-1 |
Cross Site Scripting (Persistent) |
release |
High |
Active |
79 |
8 |
| 40014-2 |
Cross Site Scripting Weakness (Persistent in JSON Response) |
release |
Low |
Active |
79 |
8 |
| 40014-3 |
Cross Site Scripting (Persistent) |
release |
High |
Active |
79 |
8 |
| 40015 |
LDAP Injection |
alpha |
High |
Active |
90 |
29 |
| 40016 |
Cross Site Scripting (Persistent) - Prime |
release |
Informational |
Active |
79 |
8 |
| 40017 |
Cross Site Scripting (Persistent) - Spider |
release |
Informational |
Active |
79 |
8 |
| 40018 |
SQL Injection |
release |
High |
Active |
89 |
19 |
| 40019 |
SQL Injection - MySQL (Time Based) |
release |
High |
Active |
89 |
19 |
| 40020 |
SQL Injection - Hypersonic SQL (Time Based) |
release |
High |
Active |
89 |
19 |
| 40021 |
SQL Injection - Oracle (Time Based) |
release |
High |
Active |
89 |
19 |
| 40022 |
SQL Injection - PostgreSQL (Time Based) |
release |
High |
Active |
89 |
19 |
| 40023 |
Possible Username Enumeration |
beta |
Informational |
Active |
204 |
13 |
| 40024 |
SQL Injection - SQLite (Time Based) |
alpha |
|
Active |
|
|
| 40024-1 |
SQL Injection - SQLite (Time Based) |
alpha |
High |
Active |
89 |
19 |
| 40024-2 |
SQL Injection - SQLite (Time Based) |
alpha |
High |
Active |
89 |
19 |
| 40025 |
Proxy Disclosure |
beta |
Medium |
Active |
204 |
45 |
| 40026 |
Cross Site Scripting (DOM Based) |
release |
High |
Active |
79 |
8 |
| 40027 |
SQL Injection - MsSQL (Time Based) |
release |
High |
Active |
89 |
19 |
| 40028 |
ELMAH Information Leak |
release |
Medium |
Active |
94 |
14 |
| 40029 |
Trace.axd Information Leak |
release |
Medium |
Active |
215 |
13 |
| 40031 |
Out of Band XSS |
beta |
High |
Active |
79 |
8 |
| 40032 |
.htaccess Information Leak |
release |
Medium |
Active |
94 |
14 |
| 40033 |
NoSQL Injection - MongoDB |
beta |
High |
Active |
943 |
19 |
| 40034 |
.env Information Leak |
release |
Medium |
Active |
215 |
13 |
| 40035 |
Hidden File Found |
release |
Medium |
Active |
538 |
13 |
| 40036 |
JWT Scan Rule |
alpha |
Medium |
Active |
|
|
| 40038 |
Bypassing 403 |
beta |
Medium |
Active |
348 |
|
| 40039 |
Web Cache Deception |
alpha |
Medium |
Active |
444 |
|
| 40040 |
CORS Header |
beta |
|
Active |
|
|
| 40040-1 |
CORS Header |
beta |
Informational |
Active |
942 |
14 |
| 40040-2 |
CORS Misconfiguration |
beta |
Medium |
Active |
942 |
14 |
| 40040-3 |
CORS Misconfiguration |
beta |
High |
Active |
942 |
14 |
| 40041 |
File Upload |
alpha |
Medium |
Active |
|
|
| 40042 |
Spring Actuator Information Leak |
release |
Medium |
Active |
215 |
13 |
| 40043 |
Log4Shell |
release |
|
Active |
|
|
| 40043-1 |
Log4Shell (CVE-2021-44228) |
release |
High |
Active |
117 |
20 |
| 40043-2 |
Log4Shell (CVE-2021-45046) |
release |
High |
Active |
117 |
20 |
| 40044 |
Exponential Entity Expansion (Billion Laughs Attack) |
release |
Medium |
Active |
776 |
44 |
| 40045 |
Spring4Shell |
release |
High |
Active |
78 |
20 |
| 40046 |
Server Side Request Forgery |
beta |
High |
Active |
918 |
20 |
| 40047 |
Text4shell (CVE-2022-42889) |
beta |
High |
Active |
117 |
20 |
| 40048 |
Remote Code Execution (React2Shell) |
release |
High |
Active |
78 |
32 |
| 40100 |
Client-Side Data Flow |
alpha |
Informational |
Tool |
|
|
| 40101 |
Cross-site Scripting |
alpha |
High |
Tool |
79 |
8 |
| 40102 |
Cross-site Scripting |
alpha |
High |
Tool |
79 |
8 |
| 40103 |
Cross Site Request Forgery |
alpha |
High |
Tool |
352 |
9 |
| 50007 |
ExtensionGraphQl |
alpha |
|
Tool |
|
|
| 50007-1 |
GraphQL Endpoint Supports Introspection |
alpha |
Informational |
Tool |
16 |
15 |
| 50007-2 |
GraphQL Server Implementation Identified |
alpha |
Informational |
Tool |
205 |
45 |
| 50007-3 |
GraphQL Circular Type Reference |
alpha |
Informational |
Tool |
16 |
15 |
| 90001 |
Insecure JSF ViewState |
release |
Medium |
Passive |
642 |
14 |
| 90002 |
Java Serialization Object |
release |
Medium |
Passive |
502 |
|
| 90003 |
Sub Resource Integrity Attribute Missing |
release |
Medium |
Passive |
345 |
15 |
| 90004 |
Insufficient Site Isolation Against Spectre Vulnerability |
beta |
|
Passive |
|
|
| 90004-1 |
Cross-Origin-Resource-Policy Header Missing or Invalid |
beta |
Low |
Passive |
693 |
14 |
| 90004-2 |
Cross-Origin-Embedder-Policy Header Missing or Invalid |
beta |
Low |
Passive |
693 |
14 |
| 90004-3 |
Cross-Origin-Opener-Policy Header Missing or Invalid |
beta |
Low |
Passive |
693 |
14 |
| 90005 |
Fetch Metadata Request Headers |
alpha |
|
Passive |
|
|
| 90005-1 |
Sec-Fetch-Site Header is Missing |
alpha |
Informational |
Passive |
352 |
9 |
| 90005-2 |
Sec-Fetch-Mode Header is Missing |
alpha |
Informational |
Passive |
352 |
9 |
| 90005-3 |
Sec-Fetch-Dest Header is Missing |
alpha |
Informational |
Passive |
352 |
9 |
| 90005-4 |
Sec-Fetch-User Header is Missing |
alpha |
Informational |
Passive |
352 |
9 |
| 90005-5 |
Sec-Fetch-Site Header Has an Invalid Value |
alpha |
Informational |
Passive |
352 |
9 |
| 90005-6 |
Sec-Fetch-Mode Header Has an Invalid Value |
alpha |
Informational |
Passive |
352 |
9 |
| 90005-7 |
Sec-Fetch-Dest Header Has an Invalid Value |
alpha |
Informational |
Passive |
352 |
9 |
| 90005-8 |
Sec-Fetch-User Header Has an Invalid Value |
alpha |
Informational |
Passive |
352 |
9 |
| 90011 |
Charset Mismatch |
release |
|
Passive |
|
|
| 90011-1 |
Charset Mismatch (Header Versus Meta Content-Type Charset) |
release |
Informational |
Passive |
436 |
15 |
| 90011-2 |
Charset Mismatch (Header Versus Meta Charset) |
release |
Informational |
Passive |
436 |
15 |
| 90011-3 |
Charset Mismatch (Meta Charset Versus Meta Content-Type Charset) |
release |
Informational |
Passive |
436 |
15 |
| 90011-4 |
Charset Mismatch |
release |
Informational |
Passive |
436 |
15 |
| 90017 |
XSLT Injection |
release |
Medium |
Active |
91 |
23 |
| 90018 |
Advanced SQL Injection |
beta |
High |
Active |
89 |
19 |
| 90019 |
Server Side Code Injection |
release |
|
Active |
|
|
| 90019-1 |
Server Side Code Injection - PHP Code Injection |
release |
High |
Active |
94 |
20 |
| 90019-2 |
Server Side Code Injection - ASP Code Injection |
release |
High |
Active |
94 |
20 |
| 90020 |
Remote OS Command Injection |
release |
High |
Active |
78 |
31 |
| 90021 |
XPath Injection |
release |
High |
Active |
643 |
39 |
| 90022 |
Application Error Disclosure |
release |
Medium |
Passive |
550 |
13 |
| 90023 |
XML External Entity Attack |
release |
High |
Active |
611 |
43 |
| 90024 |
Generic Padding Oracle |
release |
High |
Active |
209 |
20 |
| 90025 |
Expression Language Injection |
beta |
High |
Active |
917 |
20 |
| 90026 |
SOAP Action Spoofing |
beta |
High |
Active |
451 |
|
| 90027 |
Cookie Slack Detector |
beta |
Informational |
Active |
205 |
45 |
| 90028 |
Insecure HTTP Method |
beta |
|
Active |
|
|
| 90028-1 |
Insecure HTTP Method - DELETE |
beta |
Medium |
Active |
749 |
45 |
| 90028-2 |
Insecure HTTP Method - PUT |
beta |
Medium |
Active |
749 |
45 |
| 90028-3 |
Insecure HTTP Method - TRACE |
beta |
Medium |
Active |
749 |
45 |
| 90028-4 |
Insecure HTTP Method - CONNECT |
beta |
Medium |
Active |
749 |
45 |
| 90028-5 |
Insecure HTTP Method - PROPFIND |
beta |
Informational |
Active |
749 |
45 |
| 90028-6 |
Insecure HTTP Method - PUT |
beta |
Medium |
Active |
749 |
45 |
| 90029 |
SOAP XML Injection |
beta |
High |
Active |
91 |
|
| 90030 |
WSDL File Detection |
beta |
|
Passive |
|
|
| 90033 |
Loosely Scoped Cookie |
release |
Informational |
Passive |
565 |
15 |
| 90034 |
Cloud Metadata Potentially Exposed |
release |
High |
Active |
1230 |
|
| 90035 |
Server Side Template Injection |
release |
High |
Active |
1336 |
20 |
| 90036 |
Server Side Template Injection (Blind) |
release |
High |
Active |
1336 |
20 |
| 90037 |
Remote OS Command Injection (Time Based) |
release |
High |
Active |
78 |
31 |
| 90039 |
NoSQL Injection - MongoDB (Time Based) |
beta |
High |
Active |
943 |
19 |
| 100000 |
An Error response code was returned by the server |
release |
|
Script Httpsender |
|
|
| 100000-1 |
A Client Error response code was returned by the server |
release |
Info |
Script Httpsender |
388 |
20 |
| 100000-2 |
A Server Error response code was returned by the server |
release |
Low |
Script Httpsender |
388 |
20 |
| 100001 |
Unexpected Content-Type was returned |
release |
Low |
Script Httpsender |
|
|
| 100002 |
Server is running on Clacks - GNU Terry Pratchett |
alpha |
Informational |
Script Passive |
200 |
13 |
| 100003 |
Cookie Set Without HttpOnly Flag |
alpha |
Low |
Script Passive |
|
13 |
| 100004 |
Content Security Policy Violations Reporting Enabled |
alpha |
Informational |
Script Passive |
200 |
13 |
| 100005 |
SameSite Cookie Attribute Protection Used |
alpha |
Informational |
Script Passive |
352 |
9 |
| 100006 |
Information Disclosure - IP Exposed via F5 BIG-IP Persistence Cookie |
alpha |
Informational |
Script Passive |
311 |
13 |
| 100007 |
Information Disclosure - Base64-encoded String |
alpha |
Informational |
Script Passive |
311 |
13 |
| 100008 |
Information Disclosure - Credit Card Number |
alpha |
High |
Script Passive |
311 |
13 |
| 100009 |
Information Disclosure - Email Addresses |
alpha |
Low |
Script Passive |
311 |
13 |
| 100010 |
Information Disclosure - Hash |
alpha |
Low |
Script Passive |
327 |
13 |
| 100011 |
Information Disclosure - HTML Comments |
alpha |
Informational |
Script Passive |
615 |
13 |
| 100012 |
Information Disclosure - IBAN Numbers |
alpha |
Low |
Script Passive |
200 |
13 |
| 100013 |
Information Disclosure - Private IP Address |
alpha |
Medium |
Script Passive |
200 |
13 |
| 100014 |
Reflected HTTP GET Parameter(s) |
alpha |
Informational |
Script Passive |
79 |
8 |
| 100015 |
HUNT Methodology |
alpha |
Informational |
Script Passive |
|
|
| 100016 |
Missing Security Headers |
alpha |
Low |
Script Passive |
693 |
15 |
| 100017 |
Non Static Site Detected |
alpha |
Informational |
Script Passive |
|
|
| 100018 |
Relative Path Overwrite |
alpha |
Medium |
Script Passive |
20 |
13 |
| 100019 |
Information Disclosure - Server Header |
alpha |
Low |
Script Passive |
200 |
13 |
| 100020 |
Information Disclosure - SQL Error |
alpha |
High |
Script Passive |
209 |
13 |
| 100021 |
Telerik UI for ASP.NET AJAX Cryptographic Weakness (CVE-2017-9248) |
alpha |
High |
Script Passive |
327 |
13 |
| 100022 |
Upload Form Discovered |
alpha |
Informational |
Script Passive |
434 |
20 |
| 100023 |
Information Disclosure - X-Powered-By Header |
alpha |
Low |
Script Passive |
200 |
13 |
| 100025 |
Cross-Site WebSocket Hijacking |
alpha |
High |
Script Active |
346 |
9 |
| 100026 |
JWT None Exploit |
alpha |
High |
Script Active |
347 |
15 |
| 100029 |
File Content Disclosure (CVE-2019-5418) |
alpha |
High |
Script Active |
74 |
33 |
| 100030 |
Backup File Detected |
alpha |
Low |
Script Active |
425 |
34 |
| 100034 |
Information Disclosure - Google API Key |
alpha |
Informational |
Script Passive |
200 |
13 |
| 100035 |
Information Disclosure - Java Stack Trace |
alpha |
Medium |
Script Passive |
209 |
13 |
| 100036 |
Information Disclosure - Amazon S3 Bucket URL |
alpha |
Low |
Script Passive |
200 |
13 |
| 100043 |
Swagger UI Secret & Vulnerability Detector |
alpha |
|
Script Active |
|
|
| 100043-1 |
Vulnerable Swagger UI Version Detected |
alpha |
High |
Script Active |
522 |
|
| 100043-2 |
Exposed Secrets in Swagger/OpenAPI Path |
alpha |
High |
Script Active |
522 |
|
| 100044 |
Suspicious Input Transformation |
alpha |
|
Script Active |
|
|
| 100044-1 |
Suspicious Input Transformation - Quote Consumption |
alpha |
High |
Script Active |
20 |
20 |
| 100044-2 |
Suspicious Input Transformation - Arithmetic Evaluation |
alpha |
High |
Script Active |
20 |
20 |
| 100044-3 |
Suspicious Input Transformation - Expression Evaluation |
alpha |
High |
Script Active |
20 |
20 |
| 100044-4 |
Suspicious Input Transformation - Template Evaluation |
alpha |
High |
Script Active |
20 |
20 |
| 100044-5 |
Suspicious Input Transformation - EL Evaluation |
alpha |
High |
Script Active |
20 |
20 |
| 100044-6 |
Suspicious Input Transformation - Unicode Normalisation |
alpha |
High |
Script Active |
20 |
20 |
| 100044-7 |
Suspicious Input Transformation - URL Decoding Error |
alpha |
High |
Script Active |
20 |
20 |
| 100044-8 |
Suspicious Input Transformation - Unicode Byte Truncation |
alpha |
High |
Script Active |
20 |
20 |
| 100044-9 |
Suspicious Input Transformation - Unicode Case Conversion |
alpha |
High |
Script Active |
20 |
20 |
| 100044-10 |
Suspicious Input Transformation - Unicode Combining Diacritic |
alpha |
High |
Script Active |
20 |
20 |
| 110001 |
Application Error Disclosure via WebSockets |
release |
Medium |
WebSocket Passive |
209 |
13 |
| 110002 |
Base64 Disclosure in WebSocket message |
release |
Informational |
WebSocket Passive |
|
|
| 110003 |
Information Disclosure - Debug Error Messages via WebSocket |
release |
Low |
WebSocket Passive |
209 |
13 |
| 110004 |
Email address found in WebSocket message |
release |
Informational |
WebSocket Passive |
359 |
13 |
| 110005 |
Personally Identifiable Information via WebSocket |
release |
High |
WebSocket Passive |
359 |
13 |
| 110006 |
Private IP Disclosure via WebSocket |
release |
Low |
WebSocket Passive |
|
|
| 110007 |
Username Hash Found in WebSocket message |
release |
Informational |
WebSocket Passive |
284 |
2 |
| 110008 |
Information Disclosure - Suspicious Comments in XML via WebSocket |
release |
Informational |
WebSocket Passive |
200 |
13 |
| 110009 |
Full Path Disclosure |
alpha |
Low |
Passive |
209 |
13 |
| 120000 |
Information Disclosure - Information in Browser Storage |
alpha |
|
Client Passive |
|
|
| 120000-1 |
Information Disclosure - Information in Browser localStorage |
alpha |
Informational |
Client Passive |
359 |
13 |
| 120000-2 |
Information Disclosure - Information in Browser sessionStorage |
alpha |
Informational |
Client Passive |
359 |
13 |
| 120001 |
Information Disclosure - Sensitive Information in Browser Storage |
alpha |
|
Client Passive |
|
|
| 120001-1 |
Information Disclosure - Sensitive Information in Browser localStorage |
alpha |
Low |
Client Passive |
359 |
13 |
| 120001-2 |
Information Disclosure - Sensitive Information in Browser sessionStorage |
alpha |
Low |
Client Passive |
359 |
13 |
| 120002 |
Information Disclosure - JWT in Browser Storage |
alpha |
|
Client Passive |
|
|
| 120002-1 |
Information Disclosure - JWT in Browser localStorage |
alpha |
Medium |
Client Passive |
922 |
13 |
| 120002-2 |
Information Disclosure - JWT in Browser sessionStorage |
alpha |
Informational |
Client Passive |
922 |
13 |
| 200000 |
SQL Injection |
alpha |
|
Tool |
|
|
| 200000-1 |
SQL Injection - Single Quote (before) |
alpha |
Medium |
Tool |
|
|
| 200000-2 |
SQL Injection - Double Quote (before) |
alpha |
Medium |
Tool |
|
|
| 200000-3 |
SQL Injection - Single Quote (after) |
alpha |
Medium |
Tool |
|
|
| 200000-4 |
SQL Injection - Double Quote (after) |
alpha |
Medium |
Tool |
|
|
| 200001 |
OS Command Injection - Unix cat /etc/passwd (pipe) |
alpha |
Medium |
Tool |
|
|
| 200002 |
Reflected Cross-Site Scripting (XSS) |
alpha |
|
Tool |
|
|
| 200002-1 |
XSS - Unfiltered <script> tag |
alpha |
Medium |
Tool |
|
|
| 200002-2 |
XSS - Script tag after noscript tag |
alpha |
Medium |
Tool |
|
|
| 200002-3 |
XSS - Svg tag with animation event |
alpha |
Medium |
Tool |
|
|
| 200002-4 |
XSS - Img onerror |
alpha |
Medium |
Tool |
|
|
| 200002-5 |
XSS - Img onerror |
alpha |
Medium |
Tool |
|
|
| 200003 |
JWT None Algorithm attacks |
alpha |
|
Tool |
|
|
| 200003-1 |
JWT Probe (Authorization + JWT cookies removed) |
alpha |
Medium |
Tool |
|
|
| 200003-2 |
JWT Probe (Authorization header removed) |
alpha |
Medium |
Tool |
|
|
| 200003-3 |
JWT Probe (JWT cookies removed) |
alpha |
Medium |
Tool |
|
|
| 200003-4 |
JWT None Algorithm (Cookie) |
alpha |
Medium |
Tool |
|
|
| 200003-5 |
JWT None Algorithm (Form body param) |
alpha |
Medium |
Tool |
|
|
| 200003-6 |
JWT None Algorithm (Authorization header) |
alpha |
Medium |
Tool |
|
|
| 200003-7 |
JWT None Algorithm (JSON body) |
alpha |
Medium |
Tool |
|
|
| 200004 |
Exposure of Version-Control Repository |
alpha |
|
Tool |
|
|
| 200004-1 |
Exposure of Git repository |
alpha |
Medium |
Tool |
|
|
| 200004-2 |
Exposure of SVN repository |
alpha |
Medium |
Tool |
|
|
| 200004-3 |
Exposure of Mercurial repository |
alpha |
Medium |
Tool |
|
|
| 200005 |
OWASP Secure Headers |
alpha |
|
Tool |
|
|
| 200005-1 |
Missing Content-Security-Policy header |
alpha |
Medium |
Tool |
|
|
| 200005-2 |
CSP allows inline/eval or wildcards in script/style |
alpha |
Medium |
Tool |
|
|
| 200005-3 |
CSP 'frame-ancestors' missing or overly broad |
alpha |
Medium |
Tool |
|
|
| 200005-4 |
CSP Report-Only present without enforcing CSP |
alpha |
Medium |
Tool |
|
|
| 200005-5 |
Missing Strict-Transport-Security header (on HTTPS) |
alpha |
Medium |
Tool |
|
|
| 200005-6 |
Strict-Transport-Security sent over HTTP (ineffective) |
alpha |
Medium |
Tool |
|
|
| 200005-7 |
HSTS max-age too low or missing includeSubDomains |
alpha |
Medium |
Tool |
|
|
| 200005-8 |
X-Powered-By header or equivalent present |
alpha |
Medium |
Tool |
|
|
| 200005-9 |
Server banner discloses software/version |
alpha |
Medium |
Tool |
|
|
| 200005-10 |
Missing or invalid X-Content-Type-Options |
alpha |
Medium |
Tool |
|
|
| 200005-11 |
X-XSS-Protection header is a legacy directive |
alpha |
Medium |
Tool |
|
|
| 200005-12 |
Expect-CT is deprecated |
alpha |
Medium |
Tool |
|
|
| 200005-13 |
COOP set without COEP/CORP (incomplete cross-origin isolation) |
alpha |
Medium |
Tool |
|
|
| 200005-14 |
COEP present but value is not 'require-corp' or 'credentialless' |
alpha |
Medium |
Tool |
|
|
| 200005-15 |
Deprecated Feature-Policy or unknown/overly-permissive Permissions-Policy |
alpha |
Medium |
Tool |
|
|
| 200005-16 |
Missing or weak Referrer-Policy |
alpha |
Medium |
Tool |
|
|
| 200005-17 |
Clear-Site-Data present but missing executionContexts |
alpha |
Medium |
Tool |
|
|
| 200005-18 |
Clear-Site-Data uses wildcard * |
alpha |
Medium |
Tool |
|
|
| 200005-19 |
CORS allows any origin with credentials |
alpha |
Medium |
Tool |
|
|
| 200005-20 |
Sensitive cookies missing security flags |
alpha |
Medium |
Tool |
|
|
| 200005-21 |
Potentially authenticated content lacks no-store |
alpha |
Medium |
Tool |
|
|
| 200005-22 |
Public-Key-Pins is deprecated |
alpha |
Medium |
Tool |
|
|
| 200005-23 |
COOP present but value is not 'same-origin' |
alpha |
Medium |
Tool |
|
|
| 200006 |
Sensitive data exposure |
alpha |
|
Tool |
|
|
| 200006-1 |
Credit Card Number |
alpha |
Medium |
Tool |
|
|
| 200006-2 |
Social Security Number |
alpha |
Medium |
Tool |
|
|
| 200007 |
SPA hash DOM XSS |
alpha |
Medium |
Tool |
|
|
| 200008 |
ws:// from HTTPS context |
alpha |
Medium |
Tool |
|
|
| 200009 |
Passive Recon: Source Maps & Debug Artifacts |
alpha |
|
Tool |
|
|
| 200009-1 |
JavaScript includes sourceMappingURL |
alpha |
Medium |
Tool |
|
|
| 200009-2 |
HTML references .map files |
alpha |
Medium |
Tool |
|
|
| 200009-3 |
Webpack dev-server / hot reload artifacts |
alpha |
Medium |
Tool |
|
|
| 200009-4 |
Next.js build metadata exposed |
alpha |
Medium |
Tool |
|
|
| 200010 |
Passive Recon: Error & Stack Trace Disclosure |
alpha |
|
Tool |
|
|
| 200010-1 |
Node.js / Express stack trace |
alpha |
Medium |
Tool |
|
|
| 200010-2 |
Java stack trace |
alpha |
Medium |
Tool |
|
|
| 200010-3 |
.NET stack trace / YSOD |
alpha |
Medium |
Tool |
|
|
| 200010-4 |
Python traceback |
alpha |
Medium |
Tool |
|
|
| 200010-5 |
PHP fatal error / warning |
alpha |
Medium |
Tool |
|
|
| 200010-6 |
Internal file path disclosure |
alpha |
Medium |
Tool |
|
|
| 200011 |
Passive Recon: Client Config & Secret-Like Values |
alpha |
|
Tool |
|
|
| 200011-1 |
Private key material exposed |
alpha |
Medium |
Tool |
|
|
| 200011-2 |
AWS Access Key ID pattern |
alpha |
Medium |
Tool |
|
|
| 200011-3 |
Slack token pattern |
alpha |
Medium |
Tool |
|
|
| 200011-4 |
GitHub token pattern |
alpha |
Medium |
Tool |
|
|
| 200011-5 |
Sentry DSN exposed |
alpha |
Medium |
Tool |
|
|
| 200011-6 |
Firebase config exposed |
alpha |
Medium |
Tool |
|
|
| 200011-7 |
Stripe publishable key exposed |
alpha |
Medium |
Tool |
|
|
| 200011-8 |
Mapbox token exposed |
alpha |
Medium |
Tool |
|
|
| 200011-9 |
Google API key pattern |
alpha |
Medium |
Tool |
|
|
| 200012 |
Passive Recon: API Docs & Specs Exposure |
alpha |
|
Tool |
|
|
| 200012-1 |
Swagger UI detected |
alpha |
Medium |
Tool |
|
|
| 200012-2 |
OpenAPI spec detected |
alpha |
Medium |
Tool |
|
|
| 200012-3 |
API docs endpoint observed |
alpha |
Medium |
Tool |
|
|
| 200012-4 |
GraphQL endpoint observed |
alpha |
Medium |
Tool |
|
|
| 200012-5 |
GraphiQL / GraphQL Playground detected |
alpha |
Medium |
Tool |
|
|
| 200013 |
Passive Recon: .well-known & Metadata Files |
alpha |
|
Tool |
|
|
| 200013-1 |
security.txt observed |
alpha |
Medium |
Tool |
|
|
| 200013-2 |
OIDC well-known configuration observed |
alpha |
Medium |
Tool |
|
|
| 200013-3 |
Android assetlinks.json observed |
alpha |
Medium |
Tool |
|
|
| 200013-4 |
Apple app-site-association observed |
alpha |
Medium |
Tool |
|
|
| 200014 |
Passive Recon: Tokens & Secrets in URLs |
alpha |
|
Tool |
|
|
| 200014-1 |
access_token/id_token in URL |
alpha |
Medium |
Tool |
|
|
| 200014-2 |
JWT-like value in URL |
alpha |
Medium |
Tool |
|
|
| 200014-3 |
api_key/key in URL |
alpha |
Medium |
Tool |
|
|
| 200015 |
Passive Recon: High-Risk Parameter Names |
alpha |
|
Tool |
|
|
| 200015-1 |
Open redirect candidate parameter |
alpha |
Medium |
Tool |
|
|
| 200015-2 |
SSRF / webhook URL candidate parameter |
alpha |
Medium |
Tool |
|
|
| 200015-3 |
File/path candidate parameter |
alpha |
Medium |
Tool |
|
|
| 200015-4 |
IDOR candidate parameter |
alpha |
Medium |
Tool |
|
|
| 200016 |
Passive Recon: Internal Hosts & Environment Hints |
alpha |
|
Tool |
|
|
| 200016-1 |
Internal IP address leaked in response |
alpha |
Medium |
Tool |
|
|
| 200016-2 |
localhost/127.0.0.1 referenced in response |
alpha |
Medium |
Tool |
|
|
| 200016-3 |
Environment hints (dev/staging/test) in response |
alpha |
Medium |
Tool |
|
|
| 200016-4 |
Cloud metadata IP referenced |
alpha |
Medium |
Tool |
|
|
| 200017 |
Passive Recon: CORS Posture Indicators |
alpha |
|
Tool |
|
|
| 200017-1 |
Dynamic ACAO without Vary: Origin |
alpha |
Medium |
Tool |
|
|
| 200017-2 |
CORS allows broad methods |
alpha |
Medium |
Tool |
|
|
| 200017-3 |
CORS allows broad headers |
alpha |
Medium |
Tool |
|
|
| 200018 |
Cache-Control public/max-age with Set-Cookie |
alpha |
Medium |
Tool |
|
|
| 200019 |
Passive Recon: Interesting Endpoint Patterns |
alpha |
|
Tool |
|
|
| 200019-1 |
Admin/management path observed |
alpha |
Medium |
Tool |
|
|
| 200019-2 |
Debug/diagnostic path observed |
alpha |
Medium |
Tool |
|
|
| 200019-3 |
Spring Boot actuator endpoint observed |
alpha |
Medium |
Tool |
|
|
| 200019-4 |
Swagger/OpenAPI path observed |
alpha |
Medium |
Tool |
|
|
| 200019-5 |
GraphQL path observed |
alpha |
Medium |
Tool |
|
|
| 200019-6 |
Potential backup file observed |
alpha |
Medium |
Tool |
|
|
| 200019-7 |
Environment/config file observed |
alpha |
Medium |
Tool |
|
|
| 200019-8 |
Potential .git exposure path observed |
alpha |
Medium |
Tool |
|
|
| 200019-9 |
phpinfo endpoint observed |
alpha |
Medium |
Tool |
|
|
| 210000 |
DOM XSS sinks |
alpha |
|
Tool |
|
|
| 210000-1 |
DOM XSS via inline event handler |
alpha |
High |
Tool |
79 |
|
| 210000-2 |
DOM XSS via Element.innerHTML |
alpha |
High |
Tool |
79 |
|
| 210000-3 |
DOM XSS via Element.outerHTML |
alpha |
High |
Tool |
79 |
|
| 210000-4 |
DOM XSS via insertAdjacentHTML |
alpha |
High |
Tool |
79 |
|
| 210000-5 |
DOM XSS via document.write |
alpha |
High |
Tool |
79 |
|
| 210000-6 |
DOM XSS via DOM mutations |
alpha |
High |
Tool |
79 |
|
| 210001 |
Dynamic JS execution |
alpha |
|
Tool |
|
|
| 210001-1 |
Dynamic code execution via eval |
alpha |
High |
Tool |
95 |
|
| 210001-2 |
Dynamic code execution via Function constructor |
alpha |
High |
Tool |
95 |
|
| 210001-3 |
Dynamic code execution via Function.apply |
alpha |
High |
Tool |
95 |
|
| 210002 |
Client-side navigation sinks |
alpha |
|
Tool |
|
|
| 210002-1 |
Open redirect via window.open |
alpha |
Low |
Tool |
601 |
|
| 210002-2 |
Open redirect via Navigation API |
alpha |
Low |
Tool |
601 |
|
| 210003 |
Dangerous URL scheme execution sinks |
alpha |
|
Tool |
|
|
| 210003-1 |
javascript: URL assigned to href |
alpha |
High |
Tool |
79 |
|
| 210003-2 |
javascript: URL navigated via location.href |
alpha |
High |
Tool |
79 |
|
| 210003-3 |
javascript: URL assigned to iframe.src |
alpha |
High |
Tool |
79 |
|
| 210003-4 |
data: URL assigned to script.src |
alpha |
High |
Tool |
79 |
|
| 210004 |
Route-controlled client navigation |
alpha |
|
Tool |
|
|
| 210004-1 |
Route-controlled history.replaceState |
alpha |
Medium |
Tool |
601 |
|
| 210004-2 |
Route-controlled Navigation API transition |
alpha |
Medium |
Tool |
601 |
|
| 210005 |
Form submission target hijack |
alpha |
|
Tool |
|
|
| 210005-1 |
Form action manipulated by tainted route or body input |
alpha |
Medium |
Tool |
601 |
|
| 210005-2 |
formAction manipulated by tainted route or body input |
alpha |
Medium |
Tool |
601 |
|
| 210006 |
Dangerous form target URL schemes |
alpha |
|
Tool |
|
|
| 210006-1 |
javascript: URL assigned to form action |
alpha |
High |
Tool |
79 |
|
| 210006-2 |
javascript: URL assigned to formAction |
alpha |
High |
Tool |
79 |
|
| 210007 |
Response-derived DOM execution reachability |
alpha |
|
Tool |
|
|
| 210007-1 |
Response field rendered via innerHTML |
alpha |
High |
Tool |
79 |
|
| 210007-2 |
Response field rendered via document.write |
alpha |
High |
Tool |
79 |
|
| 210008 |
Prototype pollution influenced fetch() init |
alpha |
High |
Tool |
1321 |
|
| 220000 |
DOM-based XSS |
alpha |
|
Tool |
|
|
| 220000-1 |
Disallow innerHTML/outerHTML assignments |
alpha |
Medium |
Tool |
|
|
| 220000-2 |
Review uses of appendChild |
alpha |
Medium |
Tool |
|
|
| 220000-3 |
Disallow document.write()/writeln() |
alpha |
Medium |
Tool |
|
|
| 220000-4 |
Review DOMParser.parseFromString with dynamic HTML/XML |
alpha |
Medium |
Tool |
|
|
| 220000-5 |
template.innerHTML with dynamic content |
alpha |
Medium |
Tool |
|
|
| 220000-6 |
Inline event handler built from dynamic data |
alpha |
Medium |
Tool |
|
|
| 220000-7 |
Disallow insertAdjacentHTML() |
alpha |
Medium |
Tool |
|
|
| 220000-8 |
DOM-based XSS (taint flow) |
alpha |
Medium |
Tool |
|
|
| 220000-9 |
DOM XSS via innerHTML (Angular) |
alpha |
Medium |
Tool |
|
|
| 220001 |
DOM-based Cookie Manipulation |
alpha |
|
Tool |
|
|
| 220001-1 |
Disallow direct document.cookie assignment (incl. bracket access) |
alpha |
Medium |
Tool |
|
|
| 220001-2 |
DOM-based Cookie Manipulation (taint flow) |
alpha |
Medium |
Tool |
|
|
| 220002 |
Open Redirection |
alpha |
|
Tool |
|
|
| 220002-1 |
Disallow direct navigation primitives |
alpha |
Medium |
Tool |
|
|
| 220002-2 |
Same-origin URL mutations |
alpha |
Medium |
Tool |
|
|
| 220002-3 |
DOM-based Open Redirection (taint flow) |
alpha |
Medium |
Tool |
|
|
| 220003 |
DOM-based JavaScript Injection |
alpha |
|
Tool |
|
|
| 220003-1 |
Avoid string-based timers |
alpha |
Medium |
Tool |
|
|
| 220003-2 |
Avoid execScript dynamic execution |
alpha |
Medium |
Tool |
|
|
| 220003-3 |
Avoid eval with string literals |
alpha |
Medium |
Tool |
|
|
| 220003-4 |
Avoid Function constructor with strings |
alpha |
Medium |
Tool |
|
|
| 220003-5 |
DOM-based JavaScript Injection (taint flow) |
alpha |
Medium |
Tool |
|
|