Table 4. Analysis of Yasca’s Employee Record Management System.
Name of vulnerabilities | OWASP Top 10:2021 category | CWE Top 25:2023 category | Severity level | Number of vulnerabilities |
---|---|---|---|---|
Cross Site Scripting | A03:2021 Injection | CWE-79 Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | High | 145 |
SQL Injection | A03:2021 Injection | CWE-89 Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) | High | 39 |
Weak Credentials | A07:2021 Identification and Authentication Failures | CWE-259 Use of Hard-coded Password | Medium | 22 |