Category | Vulnerability | Check | Priority | Notes |
--- | --- | --- | --- | --- |
Server-Side Injection | Remote Code Execution (RCE) | Ensure that user-supplied input is never passed to an operating system command interpreter or otherwise executed on the server. | P1 | |
Server Misconfiguration | Using Default Credentials | Ensure that the application and its supporting components (admin consoles, databases, management interfaces) are not using vendor default credentials. | P1 | |
Server-Side Injection | SQL Injection | | P1 | |
Server-Side Injection | XML External Entity Injection (XXE) | | P1 | |
Broken Authentication and Session Management | Authentication Bypass | | P1 | |
Server Misconfiguration | Subdomain Takeover | | P2 | |
Server Misconfiguration | Account Takeover (OAuth Misconfiguration) | | P2 | |
Authorization | Cross-Site Request Forgery | | P2 | |
Broken Authentication and Session Management | Session Fixation | | P3 | |
Server Misconfiguration | Clickjacking | | P4 | |
Server Misconfiguration | No Rate Limiting | | P4 | |
Broken Authentication and Session Management | Weak Password Policy | | P5 | |
Broken Access Control | Username Enumeration (Login Page) | | P4 | |
Broken Access Control | Username Enumeration (Password Reset Page) | | P4 | |
| Cross Site Scripting (XSS) | | | |
| Stored Cross Site Scripting (XSS) | | | |
| Directory Traversal | | | |
| Remote file inclusion (RFI) | | | |
| Local File Inclusion (LFI) | | | |
| Directory listing | | | |
| ASP.NET Tracing Enabled | | | |
| XPath Injection | | | |
| HTTP request smuggling | | | |
| Web cache poisoning | | | |
| DOM Cross Site Scripting (DOM XSS) | | | |
| Java deserialization | | | |
| Open Redirection | | | |
| Session Cookie without HttpOnly flag | | | |
| Session Cookie without secure flag | | | |
| Private IP disclosure | | | |
| Application not using HTTPS | | | |
| Sensitive Data Exposure (EXIF Data) | | | |
| Account Takeover | | | |
| OTP Bypass | | | |
| 2FA Bypass | | | |
| Insecure direct object references (IDOR) | | | |
| CORS Misconfiguration | | | |
| Privilege Escalation | | | |
| Unsafe HTTP Method Enabled | | | |
| JWT Misconfiguration | | | |
| HTML Injection | | | |
| Host-Header Injection | | | |
| Server-Side Template Injection | | | |
| Parameter pollution | | | |
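Several of the checklist items above (Clickjacking, Session Cookie without HttpOnly flag, Session Cookie without Secure flag, CORS Misconfiguration, Application not using HTTPS) can be verified passively from the headers of a single captured response. The script below is an added example, not part of the original checklist: it takes the response headers as (name, value) pairs plus the attacker-controlled Origin that was sent in the request, and returns one finding per failed check. The session-cookie name pattern and the two sample responses are constructed assumptions, not data from any real target.

```python
import re
from typing import Dict, List, Tuple

# Cookie names that usually carry a session or auth token (assumption: extend per target).
SESSION_COOKIE_RE = re.compile(r"sess|jsessionid|phpsessid|asp\.net_sessionid|auth|token", re.I)


def parse_set_cookie(header_value: str) -> Tuple[str, Dict[str, str]]:
    """Split one Set-Cookie value into (cookie name, {attribute lowercased: value})."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs: Dict[str, str] = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit_response(headers: List[Tuple[str, str]], request_origin: str) -> List[str]:
    """Return checklist findings for one response.

    headers:        (name, value) pairs exactly as received, duplicates allowed.
    request_origin: the Origin header the tester sent; an attacker-controlled value,
                    needed to detect origin reflection in the CORS check.
    """
    findings: List[str] = []
    lowered = [(k.lower(), v) for k, v in headers]

    def values(name: str) -> List[str]:
        return [v for k, v in lowered if k == name]

    # Session cookie flags: HttpOnly keeps the cookie away from script (XSS),
    # Secure keeps it off plaintext HTTP connections.
    for raw in values("set-cookie"):
        name, attrs = parse_set_cookie(raw)
        if not SESSION_COOKIE_RE.search(name):
            continue
        if "httponly" not in attrs:
            findings.append(f"Session cookie '{name}' without HttpOnly flag")
        if "secure" not in attrs:
            findings.append(f"Session cookie '{name}' without Secure flag")

    # Clickjacking: framing must be forbidden by X-Frame-Options or CSP frame-ancestors.
    csp = " ".join(values("content-security-policy")).lower()
    if not values("x-frame-options") and "frame-ancestors" not in csp:
        findings.append("Clickjacking: no X-Frame-Options and no CSP frame-ancestors directive")

    # CORS: reflecting an arbitrary Origin together with credentials lets that origin
    # read authenticated responses; allowing "null" with credentials is equally bad.
    allow_origin = [v.strip() for v in values("access-control-allow-origin")]
    with_creds = any(v.strip().lower() == "true"
                     for v in values("access-control-allow-credentials"))
    if allow_origin and with_creds and allow_origin[-1] in (request_origin, "null"):
        findings.append(
            f"CORS: Access-Control-Allow-Origin reflects '{allow_origin[-1]}' with credentials")

    # HTTPS enforcement: a missing HSTS header does not prove plain HTTP is served,
    # but it is the cue to test whether the application is reachable without TLS.
    if not values("strict-transport-security"):
        findings.append("No Strict-Transport-Security header (verify HTTPS enforcement)")

    return findings


# Constructed sample responses for a hypothetical login endpoint (not real captures).
ATTACKER_ORIGIN = "https://attacker.example"
SAMPLE_RESPONSE = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "PHPSESSID=abc123; Path=/"),
    ("Set-Cookie", "lang=en; Path=/"),
    ("Access-Control-Allow-Origin", ATTACKER_ORIGIN),
    ("Access-Control-Allow-Credentials", "true"),
]

HARDENED_RESPONSE = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "PHPSESSID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("Content-Security-Policy", "default-src 'self'; frame-ancestors 'none'"),
    ("Access-Control-Allow-Origin", "https://app.example"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
]

if __name__ == "__main__":
    for finding in audit_response(SAMPLE_RESPONSE, ATTACKER_ORIGIN):
        print("[!]", finding)
```

Running it against SAMPLE_RESPONSE reports five findings (both cookie flags on PHPSESSID, clickjacking, CORS origin reflection with credentials, and missing HSTS); the non-session cookie `lang` is deliberately ignored. HARDENED_RESPONSE produces no findings. Feed it the header list from your proxy's captured response and the Origin value you injected into the request.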