Details | |
---|---|
Alert ID | 10058 |
Alert Type | Active |
Status | release |
Risk | Informational |
CWE | 16 |
WASC | 20 |
Technologies Targeted | All |
Tags |
CWE-16 OWASP_2017_A06 OWASP_2021_A04 POLICY_QA_FULL POLICY_QA_STD WSTG-V42-CONF-06 |
More Info |
Scan Rule Help |
Summary
A request that was originally observed as a POST was also accepted as a GET. This issue does not represent a security weakness unto itself, however, it may facilitate simplification of other attacks. For example if the original POST is subject to Cross-Site Scripting (XSS), then this finding may indicate that a simplified (GET based) XSS may also be possible.