Knowledge Base - Issues
Our knowledge-base provides a comprehensive collection of information on vulnerabilities related to cyber security.Cross Site Scripting (DOM-Based) is a type of client side vulnerability that is listed in the CWE Top 25 (2022) and is classified as CWE-79. It is a type of injection attack that allows an attacker to execute malicious JavaScript on a web page or in an API. The attacker...
Cross-Site Request Forgery (CSRF) is an attack vector that exploits the trust a website has for a user. It is a type of attack classified as a client-side attack, where an attacker can send malicious requests in the name of the target user without their knowledge. According to Common Weakness...
File path traversal is a type of input validation vulnerability that is categorized under the CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) in the CWE Top 25 (2022). This vulnerability occurs when an application receives input from an external source, such as a user, and does not...
Incorrect Default Permissions is a type of authorization vulnerability, in which certain files or directories are given permissions that are too broad or are granted to a wider set of users than is necessary. This type of vulnerability may be found in web and API applications, and is listed as...
OS command injection (CWE-78) is an injection attack technique used to execute arbitrary system commands on a vulnerable web or API application. It occurs when a user is able to inject malicious code into an input field of a web application or API in order to execute system commands on...
Reflected Cross-Site Scripting (XSS) is a type of computer security vulnerability typically found in web applications. It occurs when user input is not properly sanitized and is reflected back to the user in the application’s response. This type of attack can be used to inject malicious client-side scripts into a...
Server-Side Request Forgery (SSRF) is a type of input validation vulnerability that occurs when an attacker is able to manipulate a request from a vulnerable server-side application to access resources that are not intended to be accessed by the attacker, such as internal services and files. This vulnerability is classified...
SQL Injection (CWE-89) is a type of input validation vulnerability where the attacker submits malicious code to a web application or API through the user interface. This malicious code is then used to execute arbitrary code or modify the application's data. According to the CWE directory, SQL Injection is categorized...
Stored Cross Site Scripting (XSS) is a type of client-side vulnerability and is listed - as part of XSS in general - as one of the top 25 most dangerous software errors in the Common Weakness Enumeration (CWE) directory. It is classified as [CWE-79](https://cwe.mitre.org/data/definitions/79.html): "Improper Neutralization of Input During Web...
The application allows the attacker to upload or transfer malicious files that can be automatically processed within the product's environment. The application should be able to fend off bogus and malicious files in a way to keep the application and the users safe.
## Risk
An attacker could be able to upload...
Use of Hard-coded Credentials (CWE-798) is a type of Identity Management vulnerability that occurs when credentials such as passwords, usernames, or keys are hard-coded into applications or services. This type of vulnerability is commonly found in Web and API applications and is listed as one of the CWE Top 25...
XML external entity injection (XXE) is a type of computer security vulnerability typically found in web applications that parse XML input. This can allow an attacker to gain access to sensitive data, perform denial of service attacks, port scanning, and even server-side request forgery (SSRF). The vulnerability is categorized by...
Showing entries 1 to 12 of 12 entries.