Authentication Bypass by Capture-replay
| |
Access Restriction Bypass
| |
Exposure of Sensitive Information to an Unauthorized Actor
| |
Resource Exhaustion
| |
XML External Entity (XXE) Injection
| |
XML External Entity (XXE) Injection
| |
Improper Access Control
| [,2.426.3), [2.427,2.440.1), [2.441,2.442) |
Origin Validation Error
| [,2.426.3), [2.427,2.440.1), [2.441,2.442) |
Incorrect Default Permissions
| |
Creation of Temporary File With Insecure Permissions
| |
Improper Control of Generation of Code ('Code Injection')
| |
Information Exposure
| |
Cross-site Scripting (XSS)
| |
Cross-site Scripting (XSS)
| |
Cross-site Request Forgery (CSRF)
| |
Denial of Service (DoS)
| |
Denial of Service (DoS)
| |
Cross-site Scripting (XSS)
| [2.270,2.375.4), [2.376,2.387.1), [2.388,2.394) |
Creation of Temporary File With Insecure Permissions
| [,2.375.4), [2.376,2.387.1), [2.388,2.394) |
Information Exposure
| [,2.375.4), [2.376,2.387.1), [2.388,2.394) |
Creation of Temporary File With Insecure Permissions
| |
Information Exposure
| |
Cross-site Request Forgery (CSRF)
| |
Cross-site Request Forgery (CSRF)
| |
Cross-site Request Forgery (CSRF)
| |
Cross-site Scripting (XSS)
| |
Information Exposure
| |
Session Fixation
| [2.266,2.289.2), [2.292,2.300) |
Improper Authentication
| |
Information Exposure
| |
Timing Attack
| |
Improper Restriction of Rendered UI Layers or Frames
| |
Timing Attack
| |
Denial of Service (DoS)
| |
Incorrect Authorization
| [2.266,2.289.2), [2.292,2.300) |
Path Equivalence
| |
Directory Traversal
| |
Cross-site Scripting (XSS)
| |
Cross-site Scripting (XSS)
| |
Cross-site Scripting (XSS)
| |
Information Exposure
| |
Cross-site Scripting (XSS)
| |
Information Exposure
| |
Cross-site Scripting (XSS)
| |
Improper Authorization
| |
Cross-site Scripting (XSS)
| |
Denial of Service (DoS)
| |
Cross-site Request Forgery (CSRF)
| |
Directory Traversal
| |
Improper Authorization
| |
Symlink Attack
| |
Directory Traversal
| |
Directory Traversal
| |
Arbitrary Code Injection
| |
Improper Access Control
| |
Improper Authorization
| |
Improper Authorization
| |
Improper Access Control
| |
Symlink Attack
| |
Improper Access Control
| |
Symlink Attack
| |
Insufficient Validation
| |
Improper Validation
| |
Race Condition
| |
Denial of Service (DoS)
| |
Deserialization of Untrusted Data
| |
Arbitrary File Read
| |
Cross-site Scripting (XSS)
| |
Cross-site Scripting (XSS)
| |
Cross-site Scripting (XSS)
| |
Directory Traversal
| |
Access Restriction Bypass
| |
Cross-site Scripting (XSS)
| |
Information Exposure
| |
Cross-site Scripting (XSS)
| [,2.252), [2.235.3,2.235.4) |
Cross-site Scripting (XSS)
| [,2.252), [2.235.3,2.235.4) |
Cross-site Scripting (XSS)
| [,2.252), [2.235.3,2.235.4) |
Cross-site Scripting (XSS)
| [,2.176.4), [2.180.0,2.196.1) |
Cross-site Scripting (XSS)
| [,2.176.4), [2.180.0,2.196.1) |
Denial of Service (DoS)
| |
Cross-site Scripting (XSS)
| [0,2.176.4), [2.180.0,2.196.1) |
Cross-site Scripting (XSS)
| [,2.176.4), [2.180.0,2.190.1) |
Cross-site Scripting (XSS)
| [0,2.176.4), [2.180.0,2.196.1) |
Information Exposure
| [,2.176.4), [2.180.0,2.196.1) |
Cross-site Scripting (XSS)
| |
Cross-site Scripting (XSS)
| |
Cross-site Scripting (XSS)
| |
Cross-site Scripting (XSS)
| |
Cross-site Scripting (XSS)
| |
Cross-site Scripting (XSS)
| |
Cross-site Request Forgery (CSRF)
| |
Cross-site Scripting (XSS)
| |
Cross-site Scripting (XSS)
| |
Protection Bypass
| |
Cross Site Request Forgery (CSRF)
| |
Directory Traversal
| |
Access Control Bypass
| |
Authorization Bypass
| [2.150,2.160), [2.150.1,2.150.2) |
Authentication Bypass
| |
Cross-site Scripting (XSS)
| |
Directory Traversal
| |
Arbitrary File Write
| |
Cross-site Scripting (XSS)
| |
Information Exposure
| |
Ephemeral User Record Creation
| |
Session Fixation
| |
Information Exposure
| [,2.138.4), [2.140,2.149], [2.150,2.150.1), [2.153,2.154) |
Modification of Assumed-Immutable Data (MAID)
| [,2.138.4), [2.140,2.149], [2.150,2.150.1), [2.153,2.154) |
Arbitrary Code Execution
| [,2.138.4), [2.140,2.150.1), [2.153,2.154) |
Denial of Service (DoS)
| |
Information Exposure
| |
Arbitrary Code Execution
| [1.509.0,1.509.1), [1.510,1.514) |
Arbitrary Code Execution
| |
Information Exposure
| |
Improper Authorization
| |
Information Exposure
| |
Authentication Bypass
| |
Denial of Service (DoS)
| |
Denial of Service (DoS)
| |
Deserialization of Untrusted Data
| |
Cross-site Scripting (XSS)
| |
Information Exposure
| |
Cross-site Scripting (XSS)
| |
Improper Authorization
| |
Insufficient Permission Check
| |
Authentication Bypass
| |
Arbitrary File Read
| |
User Impersonation
| |
Information Exposure
| |
Server-Side Request Forgery (SSRF)
| |
Directory Traversal
| |
Arbitrary File Write via Archive Extraction (Zip Slip)
| |
Information Exposure
| |
Session Hijacking
| |
Access Restriction Bypass
| |
Access Restriction Bypass
| |
Cross-site Scripting (XSS)
| |
Directory Traversal
| |
Information Exposure
| |
Information Exposure
| |
Cross-site Scripting (XSS)
| |
Clickjacking
| |
Privilege Escalation
| |
Information Exposure
| |
Cross-site Scripting (XSS)
| |
Arbitrary Code Execution
| |
Privilege Escalation
| |
Man-in-the-Middle (MitM)
| |
Information Exposure
| |
Information Exposure
| |
Cross-site Scripting (XSS)
| |
Directory Traversal
| |
Privilege Escalation
| |
Information Exposure
| |
Denial of Service (DoS)
| |
Directory Traversal
| |
Cross-site Scripting (XSS)
| |
Denial of Service (DoS)
| |
Arbitrary Code Execution
| |
Information Exposure
| |
Information Exposure
| |
Cross-site Scripting (XSS)
| |
Cross-site Request Forgery (CSRF)
| |
XML External Entity (XXE) Injection
| |
Directory Traversal
| |
Access Restriction Bypass
| |
Cross-site Scripting (XSS)
| |
Information Exposure
| |
Improper Access Control
| |
Information Exposure
| |
Cross-site Request Forgery (CSRF)
| |
Privilege Escalation
| |
Deserialization of Untrusted Data
| |
Insufficient Permission Validation
| |
Information Exposure
| |
Arbitrary File Overwrite
| |
Cross-site Scripting (XSS)
| |
Cross-site Request Forgery (CSRF)
| |
Arbitrary Code Execution
| [,1.642.2), [1.643.0,1.650) |
Information Exposure
| |
Timing Attacks
| |
HTTP Response Splitting
| [,1.642.2), [1.643.0,1.650) |
Timing Attack
| |
Arbitrary Code Execution
| |
Arbitrary Code Execution
| [,1.642.2), [1.643.0,1.650) |
Arbitrary Code Execution
| |
Insufficient Permission Validation
| |
Arbitrary Code Injection
| |
Information Exposure
| |
Open Redirect
| |
Information Exposure
| |
Information Exposure
| |
Authentication Bypass
| |
Denial of Service (DoS)
| |
Arbitrary Code Execution
| |
Cross-site Scripting (XSS)
| [2.110,2.116), [2.107.0,2.107.2) |
Information Exposure
| |
Insufficient Permission Validation
| |
Deserialization of Untrusted Data
| |
Cross-Site Request Forgery (CSRF)
| |
Directory Traversal
| |
Arbitrary Shell Command Execution
| |
Information Exposure
| |
Man-in-the-Middle (MitM)
| |
Information Exposure
| |
Information Exposure
| |
Information Exposure
| |
Authentication Bypass
| |
Information Exposure
| |
Deserialization of Untrusted Data
| |
Information Exposure
| |
Insecure Initialization
| |
Cross-site Request Forgery (CSRF)
| |
Server-Side Request Forgery (SSRF)
| |
Improper Input Validation
| |
Directory Traversal
| |