Knowledge Base - Issues

Our knowledge-base provides a comprehensive collection of information on vulnerabilities related to cyber security.

/ Ajax Request Header Manipulation

Ajax request header manipulation (CWE-20) is a type of client side vulnerability in web and API applications that can be exploited by manipulating the request headers sent from the client. This attack can be used to gain access to restricted resources, bypass authentication or authorization mechanisms, or modify data stored...

/ Browser Storage

Browser Storage is a type of Client Side Vulnerability (CWE-79) which permits unvalidated data to be stored on the browser. This vulnerability is most commonly found in web and API applications, where it can be exploited by a malicious attacker to extract sensitive user data, such as passwords, session tokens,...

/ Client-Side HTTP Parameter Pollution

Client-side HTTP parameter pollution (CWE-20) is a type of web application vulnerability that occurs when user-supplied parameters are used to manipulate the intended logic of a web application. The attacker can inject additional HTTP parameters into a single HTTP request, which can be used to manipulate the application's behaviour. By...

/ Client-Side Json Injection (DOM-Based)

Description Client-side JSON injection (DOM-based) is a type of vulnerability that occurs when a malicious user is able to inject JSON directly into a web page, usually through a browser, allowing malicious code to be executed within the browser. This vulnerability is categorized as a Client Side Vulnerability according to the...

/ Client-Side Resource Manipulation

Client-side Resource Manipulation (CWE-502) is one of the most critical client-side vulnerabilities that can occur in web and API applications. It is described in the [Common Weakness Enumeration (CWE)](https://cwe.mitre.org/data/definitions/502.html) directory as the ability to manipulate resources in the client-side before they are used by the application. This vulnerability can be...

/ Client-Side SQL Injection (DOM-Based)

Client-side SQL injection (DOM-based) is a type of injection attack that is classified as a Client Side Vulnerability (CWE-79). It occurs when a web application allows user-supplied input to be executed as part of a SQL query without proper validation or sanitization. According to the OWASP Testing Guide, DOM-based SQL...

/ Client-Side Template Injection

Client-side template injection (CSTI) is a type of injection attack that occurs when user-supplied data is injected into a web template in a client-side context. This type of attack is particularly dangerous as it allows an attacker to inject malicious code into a web page that is then executed by...

/ Client-Side URL Redirect

Client-side URL Redirect, also known as Open Redirect, is a vulnerability that occurs when a web application accepts an user-controlled input that specifies a redirection to an external URL. This vulnerability is listed as CWE-601 in the Common Weakness Enumeration (CWE) directory and is categorized under Client Side Vulnerabilities. It...

/ Client-Side Xpath Injection (DOM-Based)

Client-side XPath injection (DOM-based) is a type of security vulnerability which is classified under Client Side Vulnerabilities as per the Common Weakness Enumeration (CWE), and occurs in web and API applications. This is a type of injection attack where an attacker injects malicious XPath statements into a client's web page,...

/ Cookie Manipulation (DOM-Based)

Cookie manipulation (DOM-based) is a type of web application security vulnerability classified as a Client Side Vulnerability. This vulnerability occurs when web applications fail to properly validate the integrity of cookies, resulting in the ability to execute malicious code. According to the [Common Weakness Enumeration (CWE) directory, this vulnerability is...

/ Cross Site Flashing

Cross Site Flashing (CWE-959) is a vulnerability that allows attackers to inject malicious content into a vulnerable web or API application. It is a type of client-side vulnerability that occurs when a vulnerable application allows an attacker to inject malicious content into a web page or API call. The malicious...

/ Cross Site Script Inclusion

Cross-Site Script Inclusion (CWE-832) is a type of Client Side Vulnerability which refers to the ability of an attacker to execute malicious scripts in a web application or API by exploiting the application's code or configurations. This type of attack is based on the fact that the scripts of a...

/ Cross Site Scripting (DOM-Based)

Cross Site Scripting (DOM-Based) is a type of client side vulnerability that is listed in the CWE Top 25 (2022) and is classified as CWE-79. It is a type of injection attack that allows an attacker to execute malicious JavaScript on a web page or in an API. The attacker...

/ Cross-Origin Resource Sharing

Cross-origin resource sharing (CORS) is a vulnerability that occurs when a malicious website is allowed to access resources in a different domain. It is classified as a client-side vulnerability because it is the client's browser that is responsible for controlling access to resources. CORS is classified as CWE-918 in the...
A _Cross-Origin Resource Sharing (CORS)_ policy controls whether and how content running on other domains can interact with the domain that publishes the policy. The policy is granular and can apply per-request access controls based on the URL and other characteristics of the request. # Risk The common exploitation scenarios can be...
Cross-origin resource sharing (CORS) is a browser mechanism which enables controlled access to resources located outside of a given domain. It extends and adds flexibility to the same-origin policy (SOP). It also provides potential for cross-domain based attacks, if a website's CORS policy is poorly configured and implemented. CORS is...
A _Cross-Origin Resource Sharing (CORS)_ policy controls whether and how content running on other domains can interact with the domain that publishes the policy. The policy is granular and can apply per-request access controls based on the URL and other characteristics of the request. # Risk If a site allows interaction...

/ Cross-Site Request Forgery

Cross-Site Request Forgery (CSRF) is an attack vector that exploits the trust a website has for a user. It is a type of attack classified as a client-side attack, where an attacker can send malicious requests in the name of the target user without their knowledge. According to Common Weakness...

/ Document Domain Manipulation

Document Domain Manipulation (CWE-213) is a client-side vulnerability that occurs when a malicious actor is able to manipulate the document domain of a web page or API. The document domain is the origin from which certain documents, such as JavaScript and HTML, are accessed. When this document domain is manipulated,...

/ HTML Injection

HTML Injection, also known as Cross-site Scripting (XSS), is a type of client-side vulnerability that involves injecting malicious HTML code into a web page or API. This type of attack is classified under CWE-79 in the Common Weakness Enumeration (CWE) directory and is part of the OWASP Top 10 Web...

/ Html5 Storage Manipulation (DOM-Based)

HTML5 storage manipulation (DOM-based) is a type of client-side attack in which the attacker is able to manipulate HTML5 Storage, also known as DOM Storage, of a web application. DOM Storage is a browser-based storage mechanism for client-side data that has a higher capacity than cookies and is supported by...

/ Insecure Data Process in DOM

Insecure data process in DOM, also known as CWE-20, is a vulnerability that exists in web and API applications where user input data is processed and stored without proper validation or protection. This type of vulnerability can lead to a variety of security issues, such as Cross-Site Scripting (XSS), SQL...

/ JavaScript Execution

JavaScript Execution is a type of Client Side Vulnerability that occurs in Web and API applications. It refers to the ability of malicious code to be injected into the application and executed on the client-side. It is a type of code injection attack and is classified by the Common Weakness...

/ JavaScript Injection (DOM-Based)

JavaScript injection (DOM-based) is a type of Client Side Vulnerability (CWE-79) which allows attackers to inject malicious JavaScript code into a web application. This code is executed by the user’s browser and can be used to manipulate the web application. The OWASP Testing Guide describes JavaScript Injection as “a form...

/ Local File Path Manipulation (DOM-Based)

Local file path manipulation (DOM-based) is a type of client-side vulnerability in web applications and APIs that allows an attacker to inject malicious code into a vulnerable web application. This vulnerability is classified in the Common Weakness Enumeration (CWE) directory as CWE-79, and is also listed in the OWASP Testing...

/ Stored Cross Site Scripting

Stored Cross Site Scripting (XSS) is a type of Client-Side Vulnerability and is listed as one of the top 25 most dangerous software errors in the Common Weakness Enumeration (CWE) directory. It is classified as CWE-79 and is listed as an Injection vulnerability. Stored XSS occurs when an application stores...

/ Web Messaging

Web Messaging is a type of Client Side Vulnerability occurring in Web and API applications. It is a class of vulnerability that is defined in the Common Weakness Enumeration (CWE) directory as CWE-918 (Ref 1). This type of vulnerability occurs when an application does not properly validate and sanitize input...

/ Websocket URL Poisoning (DOM-Based)

Description WebSocket URL poisoning (DOM-based) is a type of client-side vulnerability that can be exploited to inject malicious data into a websocket URL. This vulnerability is listed in the Common Weakness Enumeration (CWE) directory under CWE-918, and is described in the OWASP Testing Guide as a potential vector for Cross-Site Scripting...

/ Websockets

WebSockets is a Client Side Vulnerability (CWE-811) that occurs in Web and API applications. It is an attack technique used to exploit a weakness in the communication layer between the client and the server. It allows an attacker to gain access to the application's backend and data using specially crafted...
Showing entries 1 to 29 of 29 entries.