OS command injection | High | 0x00100100 | 1048832 | CWE-77 CWE-78 CWE-116 |
SQL injection | High | 0x00100200 | 1049088 | CWE-89 CWE-94 CWE-116 |
SQL injection (second order) | High | 0x00100210 | 1049104 | CWE-89 CWE-94 CWE-116 |
ASP.NET tracing enabled | High | 0x00100280 | 1049216 | CWE-10 CWE-11 |
File path traversal | High | 0x00100300 | 1049344 | CWE-22 CWE-23 CWE-35 CWE-36 |
XML external entity injection | High | 0x00100400 | 1049600 | CWE-611 |
LDAP injection | High | 0x00100500 | 1049856 | CWE-90 CWE-116 |
XPath injection | High | 0x00100600 | 1050112 | CWE-94 CWE-116 CWE-159 CWE-643 |
XML injection | Medium | 0x00100700 | 1050368 | CWE-91 CWE-116 CWE-159 CWE-611 CWE-776 |
ASP.NET debugging enabled | Medium | 0x00100800 | 1050624 | CWE-11 |
HTTP PUT method is enabled | High | 0x00100900 | 1050880 | CWE-650 |
Out-of-band resource load (HTTP) | High | 0x00100a00 | 1051136 | CWE-610 CWE-918 |
File path manipulation | High | 0x00100b00 | 1051392 | CWE-22 CWE-23 CWE-35 CWE-36 |
PHP code injection | High | 0x00100c00 | 1051648 | CWE-94 CWE-116 CWE-159 |
Server-side JavaScript code injection | High | 0x00100d00 | 1051904 | CWE-94 CWE-95 CWE-116 |
Perl code injection | High | 0x00100e00 | 1052160 | CWE-94 CWE-95 CWE-116 |
Ruby code injection | High | 0x00100f00 | 1052416 | CWE-94 CWE-95 CWE-116 |
Python code injection | High | 0x00100f10 | 1052432 | CWE-94 CWE-95 CWE-116 |
Expression Language injection | High | 0x00100f20 | 1052448 | CWE-116 CWE-159 CWE-917 |
Unidentified code injection | High | 0x00101000 | 1052672 | CWE-94 CWE-95 CWE-116 |
Server-side template injection | High | 0x00101080 | 1052800 | CWE-94 CWE-95 CWE-116 |
SSI injection | High | 0x00101100 | 1052928 | CWE-96 CWE-116 CWE-159 |
Cross-site scripting (stored) | High | 0x00200100 | 2097408 | CWE-79 CWE-80 CWE-116 CWE-159 |
HTTP request smuggling | High | 0x00200140 | 2097472 | CWE-444 |
Client-side desync | High | 0x00200141 | 2097473 | CWE-444 |
Web cache poisoning | High | 0x00200180 | 2097536 | CWE-436 |
HTTP response header injection | High | 0x00200200 | 2097664 | CWE-113 |
Cross-site scripting (reflected) | High | 0x00200300 | 2097920 | CWE-79 CWE-80 CWE-116 CWE-159 |
Client-side template injection | High | 0x00200308 | 2097928 | CWE-116 CWE-159 |
Cross-site scripting (DOM-based) | High | 0x00200310 | 2097936 | CWE-79 CWE-80 CWE-116 CWE-159 |
Cross-site scripting (reflected DOM-based) | High | 0x00200311 | 2097937 | CWE-79 CWE-80 CWE-116 CWE-159 |
Cross-site scripting (stored DOM-based) | High | 0x00200312 | 2097938 | CWE-79 CWE-80 CWE-116 CWE-159 |
Client-side prototype pollution | Information | 0x00200316 | 2097942 | CWE-1321 |
JavaScript injection (DOM-based) | High | 0x00200320 | 2097952 | CWE-94 CWE-95 CWE-116 |
JavaScript injection (reflected DOM-based) | High | 0x00200321 | 2097953 | CWE-94 CWE-95 CWE-116 |
JavaScript injection (stored DOM-based) | High | 0x00200322 | 2097954 | CWE-94 CWE-95 CWE-116 |
Path-relative style sheet import | Information | 0x00200328 | 2097960 | CWE-16 |
Client-side SQL injection (DOM-based) | High | 0x00200330 | 2097968 | CWE-89 CWE-116 CWE-159 |
Client-side SQL injection (reflected DOM-based) | High | 0x00200331 | 2097969 | CWE-89 CWE-116 CWE-159 |
Client-side SQL injection (stored DOM-based) | High | 0x00200332 | 2097970 | CWE-89 CWE-116 CWE-159 |
WebSocket URL poisoning (DOM-based) | High | 0x00200340 | 2097984 | CWE-345 CWE-346 CWE-441 |
WebSocket URL poisoning (reflected DOM-based) | High | 0x00200341 | 2097985 | CWE-345 CWE-346 CWE-441 |
WebSocket URL poisoning (stored DOM-based) | High | 0x00200342 | 2097986 | CWE-345 CWE-346 CWE-441 |
Local file path manipulation (DOM-based) | High | 0x00200350 | 2098000 | CWE-22 CWE-73 |
Local file path manipulation (reflected DOM-based) | High | 0x00200351 | 2098001 | CWE-22 CWE-73 |
Local file path manipulation (stored DOM-based) | High | 0x00200352 | 2098002 | CWE-22 CWE-73 |
Client-side XPath injection (DOM-based) | Low | 0x00200360 | 2098016 | CWE-79 CWE-116 CWE-159 |
Client-side XPath injection (reflected DOM-based) | Low | 0x00200361 | 2098017 | CWE-79 CWE-116 CWE-159 |
Client-side XPath injection (stored DOM-based) | Low | 0x00200362 | 2098018 | CWE-79 CWE-116 CWE-159 |
Client-side JSON injection (DOM-based) | Low | 0x00200370 | 2098032 | CWE-79 CWE-116 CWE-159 |
Client-side JSON injection (reflected DOM-based) | Low | 0x00200371 | 2098033 | CWE-79 CWE-116 CWE-159 |
Client-side JSON injection (stored DOM-based) | Low | 0x00200372 | 2098034 | CWE-79 CWE-116 CWE-159 |
Flash cross-domain policy | High | 0x00200400 | 2098176 | CWE-942 |
Silverlight cross-domain policy | High | 0x00200500 | 2098432 | CWE-942 |
Cross-origin resource sharing | Information | 0x00200600 | 2098688 | CWE-942 |
Cross-origin resource sharing: arbitrary origin trusted | High | 0x00200601 | 2098689 | CWE-942 |
Cross-origin resource sharing: unencrypted origin trusted | Low | 0x00200602 | 2098690 | CWE-942 |
Cross-origin resource sharing: all subdomains trusted | Low | 0x00200603 | 2098691 | CWE-942 |
Cross-site request forgery | Medium | 0x00200700 | 2098944 | CWE-352 |
SMTP header injection | Medium | 0x00200800 | 2099200 | CWE-93 CWE-159 |
JWT signature not verified | High | 0x00200900 | 2099456 | CWE-345 CWE-347 |
JWT none algorithm supported | High | 0x00200901 | 2099457 | CWE-345 |
JWT self-signed JWK header supported | High | 0x00200902 | 2099458 | |
JWT weak HMAC secret | High | 0x00200903 | 2099459 | |
JWT arbitrary jku header supported | High | 0x00200904 | 2099460 | |
JWT arbitrary x5u header supported | High | 0x00200905 | 2099461 | |
Cleartext submission of password | High | 0x00300100 | 3145984 | CWE-319 |
External service interaction (DNS) | Information | 0x00300200 | 3146240 | CWE-918 CWE-406 |
External service interaction (HTTP) | High | 0x00300210 | 3146256 | CWE-918 CWE-406 |
External service interaction (SMTP) | Information | 0x00300220 | 3146272 | CWE-16 CWE-406 |
Referer-dependent response | Information | 0x00400100 | 4194560 | CWE-16 CWE-213 |
Spoofable client IP address | Information | 0x00400110 | 4194576 | CWE-16 |
User agent-dependent response | Information | 0x00400120 | 4194592 | CWE-16 |
Password returned in later response | Medium | 0x00400200 | 4194816 | CWE-204 |
Password submitted using GET method | Low | 0x00400300 | 4195072 | CWE-598 |
Password returned in URL query string | Low | 0x00400400 | 4195328 | CWE-598 |
SQL statement in request parameter | Medium | 0x00400480 | 4195456 | CWE-598 |
Cross-domain POST | Information | 0x00400500 | 4195584 | CWE-16 |
ASP.NET ViewState without MAC enabled | High | 0x00400600 | 4195840 | CWE-642 |
XML entity expansion | Medium | 0x00400700 | 4196096 | CWE-776 |
Long redirection response | Information | 0x00400800 | 4196352 | CWE-698 |
Serialized object in HTTP message | High | 0x00400900 | 4196608 | CWE-502 |
Duplicate cookies set | Information | 0x00400a00 | 4196864 | CWE-16 |
Input returned in response (stored) | Information | 0x00400b00 | 4197120 | CWE-20 CWE-116 |
Input returned in response (reflected) | Information | 0x00400c00 | 4197376 | CWE-20 CWE-116 |
Suspicious input transformation (reflected) | Information | 0x00400d00 | 4197632 | CWE-20 |
Suspicious input transformation (stored) | Information | 0x00400e00 | 4197888 | CWE-20 |
Request URL override | Information | 0x00400f00 | 4198144 | CWE-436 |
Vulnerable JavaScript dependency | Low | 0x00500080 | 5243008 | CWE-1104 |
Open redirection (reflected) | Low | 0x00500100 | 5243136 | CWE-601 |
Open redirection (stored) | Medium | 0x00500101 | 5243137 | CWE-601 |
Open redirection (DOM-based) | Low | 0x00500110 | 5243152 | CWE-601 |
Open redirection (reflected DOM-based) | Low | 0x00500111 | 5243153 | CWE-601 |
Open redirection (stored DOM-based) | Medium | 0x00500112 | 5243154 | CWE-601 |
TLS cookie without secure flag set | Medium | 0x00500200 | 5243392 | CWE-614 |
Cookie scoped to parent domain | Low | 0x00500300 | 5243648 | CWE-16 |
Cross-domain Referer leakage | Information | 0x00500400 | 5243904 | CWE-200 |
Cross-domain script include | Information | 0x00500500 | 5244160 | CWE-829 |
Cookie without HttpOnly flag set | Low | 0x00500600 | 5244416 | CWE-16 |
Session token in URL | Medium | 0x00500700 | 5244672 | CWE-200 CWE-384 CWE-598 |
Password field with autocomplete enabled | Low | 0x00500800 | 5244928 | CWE-200 |
Password value set in cookie | Medium | 0x00500900 | 5245184 | CWE-287 |
File upload functionality | Information | 0x00500980 | 5245312 | CWE-434 |
Frameable response (potential Clickjacking) | Information | 0x005009a0 | 5245344 | CWE-693 |
Browser cross-site scripting filter disabled | Information | 0x005009b0 | 5245360 | CWE-16 |
HTTP TRACE method is enabled | Information | 0x00500a00 | 5245440 | CWE-16 |
Cookie manipulation (DOM-based) | Low | 0x00500b00 | 5245696 | CWE-565 CWE-829 |
Cookie manipulation (reflected DOM-based) | Low | 0x00500b01 | 5245697 | CWE-565 CWE-829 |
Cookie manipulation (stored DOM-based) | Low | 0x00500b02 | 5245698 | CWE-565 CWE-829 |
Ajax request header manipulation (DOM-based) | Low | 0x00500c00 | 5245952 | CWE-116 |
Ajax request header manipulation (reflected DOM-based) | Low | 0x00500c01 | 5245953 | CWE-116 |
Ajax request header manipulation (stored DOM-based) | Low | 0x00500c02 | 5245954 | CWE-116 |
Denial of service (DOM-based) | Information | 0x00500d00 | 5246208 | CWE-400 |
Denial of service (reflected DOM-based) | Information | 0x00500d01 | 5246209 | CWE-400 |
Denial of service (stored DOM-based) | Low | 0x00500d02 | 5246210 | CWE-400 |
HTML5 web message manipulation (DOM-based) | Information | 0x00500e00 | 5246464 | CWE-20 |
HTML5 web message manipulation (reflected DOM-based) | Information | 0x00500e01 | 5246465 | CWE-20 |
HTML5 web message manipulation (stored DOM-based) | Information | 0x00500e02 | 5246466 | CWE-20 |
HTML5 storage manipulation (DOM-based) | Information | 0x00500f00 | 5246720 | CWE-20 |
HTML5 storage manipulation (reflected DOM-based) | Information | 0x00500f01 | 5246721 | CWE-20 |
HTML5 storage manipulation (stored DOM-based) | Information | 0x00500f02 | 5246722 | CWE-20 |
Link manipulation (DOM-based) | Low | 0x00501000 | 5246976 | CWE-20 |
Link manipulation (reflected DOM-based) | Low | 0x00501001 | 5246977 | CWE-20 |
Link manipulation (stored DOM-based) | Low | 0x00501002 | 5246978 | CWE-20 |
Link manipulation (reflected) | Information | 0x00501003 | 5246979 | CWE-73 CWE-20 |
Link manipulation (stored) | Information | 0x00501004 | 5246980 | CWE-73 CWE-20 |
Document domain manipulation (DOM-based) | Medium | 0x00501100 | 5247232 | CWE-20 |
Document domain manipulation (reflected DOM-based) | Medium | 0x00501101 | 5247233 | CWE-20 |
Document domain manipulation (stored DOM-based) | Medium | 0x00501102 | 5247234 | CWE-20 |
DOM data manipulation (DOM-based) | Information | 0x00501200 | 5247488 | CWE-20 |
DOM data manipulation (reflected DOM-based) | Information | 0x00501201 | 5247489 | CWE-20 |
DOM data manipulation (stored DOM-based) | Information | 0x00501202 | 5247490 | CWE-20 |
CSS injection (reflected) | Medium | 0x00501300 | 5247744 | CWE-73 CWE-20 |
CSS injection (stored) | Medium | 0x00501301 | 5247745 | CWE-73 CWE-20 |
Client-side HTTP parameter pollution (reflected) | Low | 0x00501400 | 5248000 | CWE-233 CWE-20 |
Client-side HTTP parameter pollution (stored) | Low | 0x00501401 | 5248001 | CWE-233 CWE-20 |
Form action hijacking (reflected) | Medium | 0x00501500 | 5248256 | CWE-73 CWE-20 |
Form action hijacking (stored) | Medium | 0x00501501 | 5248257 | CWE-73 CWE-20 |
Database connection string disclosed | Medium | 0x00600080 | 6291584 | CWE-15 CWE-497 |
Source code disclosure | Low | 0x006000b0 | 6291632 | CWE-18 CWE-200 CWE-388 CWE-540 CWE-541 CWE-615 |
Backup file | Information | 0x006000d8 | 6291672 | CWE-530 |
Directory listing | Information | 0x00600100 | 6291712 | CWE-538 CWE-548 |
Email addresses disclosed | Information | 0x00600200 | 6291968 | CWE-200 |
Private IP addresses disclosed | Information | 0x00600300 | 6292224 | CWE-200 |
Social security numbers disclosed | Information | 0x00600400 | 6292480 | CWE-200 |
Credit card numbers disclosed | Information | 0x00600500 | 6292736 | CWE-200 CWE-388 |
Private key disclosed | Information | 0x00600550 | 6292816 | CWE-200 CWE-388 |
Robots.txt file | Information | 0x00600600 | 6292992 | CWE-200 |
Json Web Key Set disclosed | Information | 0x00600700 | 6293248 | CWE-200 |
JWT private key disclosed | High | 0x00600800 | 6293504 | CWE-200 |
Cacheable HTTPS response | Information | 0x00700100 | 7340288 | CWE-524 CWE-525 |
Base64-encoded data in parameter | Information | 0x00700200 | 7340544 | CWE-310 CWE-311 |
Multiple content types specified | Information | 0x00800100 | 8388864 | CWE-436 |
HTML does not specify charset | Information | 0x00800200 | 8389120 | CWE-16 CWE-436 |
HTML uses unrecognized charset | Information | 0x00800300 | 8389376 | CWE-16 CWE-436 |
Content type incorrectly stated | Low | 0x00800400 | 8389632 | CWE-16 CWE-436 |
Content type is not specified | Information | 0x00800500 | 8389888 | CWE-16 |
TLS certificate | Medium | 0x01000100 | 16777472 | CWE-295 CWE-326 CWE-327 |
Unencrypted communications | Low | 0x01000200 | 16777728 | CWE-326 |
Strict transport security not enforced | Low | 0x01000300 | 16777984 | CWE-523 |
Mixed content | Information | 0x01000400 | 16778240 | CWE-16 CWE-319 |
Hidden HTTP 2 | Information | 0x01000500 | 16778496 | CWE-912 |
Extension generated issue | Information | 0x08000000 | 134217728 | |