Knowledge Base - Issues
Our knowledge base provides a comprehensive collection of information on vulnerabilities related to cyber security.
Cross-Site Request Forgery (CSRF) is an attack vector that exploits the trust a website has for a user. It is a type of attack classified as a client-side attack, where an attacker can send malicious requests in the name of the target user without their knowledge. According to Common Weakness...
File path traversal is a type of input validation vulnerability that is categorized under CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) in the CWE Top 25 (2022). This vulnerability occurs when an application receives input from an external source, such as a user, and does not...
OS command injection (CWE-78) is an injection attack technique used to execute arbitrary system commands on a vulnerable web or API application. It occurs when a user is able to inject malicious code into an input field of a web application or API in order to execute system commands on...
Reflected Cross-Site Scripting (XSS) is a type of computer security vulnerability typically found in web applications. It occurs when user input is not properly sanitized and is reflected back to the user in the application’s response. This type of attack can be used to inject malicious client-side scripts into a...
SQL Injection (CWE-89) is a type of input validation vulnerability where the attacker submits malicious code to a web application or API through the user interface. This malicious code is then used to execute arbitrary code or modify the application's data. According to the CWE directory, SQL Injection is categorized...
Stored Cross-Site Scripting (XSS) is a type of client-side vulnerability and is listed as one of the top 25 most dangerous software errors in the Common Weakness Enumeration (CWE) directory. It is classified as CWE-79 and is listed as an Injection vulnerability. Stored XSS occurs when an application stores...
The application allows the attacker to upload or transfer malicious files that can be automatically processed within the product's environment. The application should be able to fend off bogus and malicious files in a way that keeps the application and the users safe.
## Risk
An attacker could be able to upload executable code...
XML external entity injection (XXE) is a type of computer security vulnerability typically found in web applications that parse XML input. This can allow an attacker to gain access to sensitive data, perform denial of service attacks, port scanning, and even server-side request forgery (SSRF). The vulnerability is categorized by...