| SQL Injection | A01:2021 Broken Access Control | CWE-89 Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) | High | 7 |
| SQL Injection-MYSQL | A01:2021 Broken Access Control | CWE-89 Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) | High | 7 |
| Absence of Anti-CSRF Tokens | A01:2021 Broken Access Control | CWE-352 Cross-Site Request Forgery (CSRF) | Medium | 9 |
| Application Error Disclosure | A05:2021 Security Misconfiguration | – | Medium | 1 |
| Content Security Policy (CSP) Header Not Set | A05:2021 Security Misconfiguration | – | Medium | 12 |
| Directory Browsing | A01:2021 Broken Access Control | – | Medium | 9 |
| Missing Anti-clickjacking Header | A05:2021 Security Misconfiguration | – | Medium | 8 |
| Parameter Tampering | A04:2021 Insecure Design | – | Medium | 2 |
| Vulnerable JS Library | A06:2021 Vulnerable and Outdated Components | – | Medium | 2 |
| Big Redirect Detected (Potential Sensitive Information Leak) | A04:2021 Insecure Design | – | Low | 3 |
| Cookie no HttpOnly Flag | A05:2021 Security Misconfiguration | – | Low | 2 |
| Cookie without SameSite Attribute | A01:2021 Broken Access Control | – | Low | 2 |
| Server Leaks Information via “X-Powered-By” HTTP Response Header Field(s) | A01:2021 Broken Access Control | – | Low | 13 |
| Server Leaks Version Information via “Server” HTTP Response Header Field | A05:2021 Security Misconfiguration | – | Low | 24 |
| X-Content-Type-Options Header Missing | A05:2021 Security Misconfiguration | – | Low | 14 |