Knowledge Base - Issues
Our knowledge-base provides a comprehensive collection of information on vulnerabilities related to cyber security.Ajax request header manipulation (CWE-20) is a type of client side vulnerability in web and API applications that can be exploited by manipulating the request headers sent from the client. This attack can be used to gain access to restricted resources, bypass authentication or authorization mechanisms, or modify data stored...
Client-side HTTP parameter pollution (CWE-20) is a type of web application vulnerability that occurs when user-supplied parameters are used to manipulate the intended logic of a web application. The attacker can inject additional HTTP parameters into a single HTTP request, which can be used to manipulate the application's behaviour. By...
Client-side JSON injection (DOM-based) is a type of vulnerability that occurs when a malicious user is able to inject JSON directly into a web page, usually through a browser, allowing malicious code to be executed within the browser. This vulnerability is categorized as a Client Side Vulnerability according to the...
Client-side SQL injection (DOM-based) is a type of injection attack that is classified as a Client Side Vulnerability (CWE-79). It occurs when a web application allows user-supplied input to be executed as part of a SQL query without proper validation or sanitization. According to the OWASP Testing Guide, DOM-based SQL...
Client-side template injection (CSTI) is a type of injection attack that occurs when user-supplied data is injected into a web template in a client-side context. This type of attack is particularly dangerous as it allows an attacker to inject malicious code into a web page that is then executed by...
Client-side XPath injection (DOM-based) is a type of security vulnerability which is classified under Client Side Vulnerabilities as per the Common Weakness Enumeration (CWE), and occurs in web and API applications. This is a type of injection attack where an attacker injects malicious XPath statements into a client's web page,...
Cookie manipulation (DOM-based) is a type of web application security vulnerability classified as a Client Side Vulnerability. This vulnerability occurs when web applications fail to properly validate the integrity of cookies, resulting in the ability to execute malicious code. According to the [Common Weakness Enumeration (CWE) directory, this vulnerability is...
Cross Site Scripting (DOM-Based) is a type of client side vulnerability that is listed in the CWE Top 25 (2022) and is classified as CWE-79. It is a type of injection attack that allows an attacker to execute malicious JavaScript on a web page or in an API. The attacker...
Cross-origin resource sharing (CORS) is a vulnerability that occurs when a malicious website is allowed to access resources in a different domain. It is classified as a client-side vulnerability because it is the client's browser that is responsible for controlling access to resources. CORS is classified as CWE-918 in the...
A _Cross-Origin Resource Sharing (CORS)_ policy controls whether and how content running on other domains can interact with the domain that publishes the policy. The policy is granular and can apply per-request access controls based on the URL and other characteristics of the request.
## Risk
The common exploitation scenarios can be...
Cross-origin resource sharing (CORS) is a browser mechanism which enables controlled access to resources located outside of a given domain. It extends and adds flexibility to the same-origin policy (SOP). It also provides potential for cross-domain based attacks, if a website's CORS policy is poorly configured and implemented. CORS is...
A _Cross-Origin Resource Sharing (CORS)_ policy controls whether and how content running on other domains can interact with the domain that publishes the policy. The policy is granular and can apply per-request access controls based on the URL and other characteristics of the request.
## Risk
If a site allows interaction...
Cross-Site Request Forgery (CSRF) is an attack vector that exploits the trust a website has for a user. It is a type of attack classified as a client-side attack, where an attacker can send malicious requests in the name of the target user without their knowledge. According to Common Weakness...
Document Domain Manipulation (CWE-213) is a client-side vulnerability that occurs when a malicious actor is able to manipulate the document domain of a web page or API. The document domain is the origin from which certain documents, such as JavaScript and HTML, are accessed. When this document domain is manipulated,...
HTML Injection, is a type of client-side vulnerability that involves injecting malicious HTML code into a web page or API. The goal of HTML Injection is to gain access to a user's session, steal sensitive information, and even execute malicious code. HTML Injection can be used to attack both web...
HTML5 storage manipulation (DOM-based) is a type of client-side attack in which the attacker is able to manipulate HTML5 Storage, also known as DOM Storage, of a web application. DOM Storage is a browser-based storage mechanism for client-side data that has a higher capacity than cookies and is supported by...
Insecure data process in DOM, also known as CWE-20, is a vulnerability that exists in web and API applications where user input data is processed and stored without proper validation or protection. This type of vulnerability can lead to a variety of security issues, such as Cross-Site Scripting (XSS), SQL...
JavaScript injection (DOM-based) is a type of Client Side Vulnerability (CWE-79) which allows attackers to inject malicious JavaScript code into a web application. This code is executed by the user’s browser and can be used to manipulate the web application. The OWASP Testing Guide describes JavaScript Injection as “a form...
Local file path manipulation (DOM-based) is a type of client-side vulnerability in web applications and APIs that allows an attacker to inject malicious code into a vulnerable web application. This vulnerability is classified in the Common Weakness Enumeration (CWE) directory as CWE-79, and is also listed in the OWASP Testing...
Stored Cross Site Scripting (XSS) is a type of client-side vulnerability and is listed - as part of XSS in general - as one of the top 25 most dangerous software errors in the Common Weakness Enumeration (CWE) directory. It is classified as [CWE-79](https://cwe.mitre.org/data/definitions/79.html): "Improper Neutralization of Input During Web...
WebSocket URL poisoning (DOM-based) is a type of client-side vulnerability that can be exploited to inject malicious data into a websocket URL. This vulnerability is listed in the Common Weakness Enumeration (CWE) directory under CWE-918, and is described in the OWASP Testing Guide as a potential vector for Cross-Site Scripting...
Showing entries 1 to 21 of 21 entries.