Generic

TitleSeverity
Use of Web Link to Untrusted Target with window.opener Accessmedium
Use of Hard-coded Credentialslow
Use of Hard-coded Credentialslow
Use of Hard-coded Credentialslow
Use of Hard-coded Credentialsmedium
Use of Hard-coded Credentialsmedium
Use of Hard-coded Credentialsmedium
Unintended Proxy or Intermediary ('Confused Deputy')medium
Sensitive Cookie in HTTPS Session Without 'Secure' Attributelow
Sensitive Cookie in HTTPS Session Without 'Secure' Attributelow
Origin Validation Errormedium
Missing Support for Integrity Checklow
Insertion of Sensitive Information into Log Filelow
Insertion of Sensitive Information into Externally-Accessible File or Directoryhigh
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')low
Inadequate Encryption Strengthmedium
Inadequate Encryption Strengthhigh
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')low
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')low
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')low
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')low
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')low
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')high
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')high
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')high
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')low
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')low
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')low
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')low
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')low
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')low
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')low
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')low
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')low
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')low
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')low
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')low
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')low
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')low
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')low
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')low
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')low
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')low
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')medium
Improper Management of Sensitive Trace Datalow
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')low
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')medium
Improper Export of Android Application Componentsmedium
Improper Encoding or Escaping of Outputlow
Improper Control of Generation of Code ('Code Injection')high
Exposure of Sensitive Information to an Unauthorized Actorhigh
Exposure of Sensitive Information to an Unauthorized Actorhigh
Cross-Site Request Forgery (CSRF)low
Cross-Site Request Forgery (CSRF)high
Cross-Site Request Forgery (CSRF)medium
Cross-Site Request Forgery (CSRF)low
Creating Debug Binarylow
Configurationlow
Configurationlow
Configurationlow
Cleartext Transmission of Sensitive Informationlow
Authentication Bypass by Spoofinglow
Active Debug Codelow