High | 0x00100100 |
SQL injection | High | 0x00100200 |
SQL injection (second order) | High | 0x00100210 |
ASP.NET tracing enabled | High | 0x00100280 |
File path traversal | High | 0x00100300 |
XML external entity injection | High | 0x00100400 |
LDAP injection | High | 0x00100500 |
XPath injection | High | 0x00100600 |
XML injection | Medium | 0x00100700 |
ASP.NET debugging enabled | Medium | 0x00100800 |
HTTP PUT method is enabled | High | 0x00100900 |
Out-of-band resource load (HTTP) | High | 0x00100a00 |
File path manipulation | High | 0x00100b00 |
PHP code injection | High | 0x00100c00 |
Server-side JavaScript code injection | High | 0x00100d00 |
Perl code injection | High | 0x00100e00 |
Ruby code injection | High | 0x00100f00 |
Python code injection | High | 0x00100f10 |
Expression Language injection | High | 0x00100f20 |
Unidentified code injection | High | 0x00101000 |
Server-side template injection | High | 0x00101080 |
SSI injection | High | 0x00101100 |
Cross-site scripting (stored) | High | 0x00200100 |
HTTP request smuggling | High | 0x00200140 |
Web cache poisoning | High | 0x00200180 |
HTTP response header injection | High | 0x00200200 |
Cross-site scripting (reflected) | High | 0x00200300 |
Client-side template injection | High | 0x00200308 |
Cross-site scripting (DOM-based) | High | 0x00200310 |
Cross-site scripting (reflected DOM-based) | High | 0x00200311 |
Cross-site scripting (stored DOM-based) | High | 0x00200312 |
JavaScript injection (DOM-based) | High | 0x00200320 |
JavaScript injection (reflected DOM-based) | High | 0x00200321 |
JavaScript injection (stored DOM-based) | High | 0x00200322 |
Path-relative style sheet import | Information | 0x00200328 |
Client-side SQL injection (DOM-based) | High | 0x00200330 |
Client-side SQL injection (reflected DOM-based) | High | 0x00200331 |
Client-side SQL injection (stored DOM-based) | High | 0x00200332 |
WebSocket URL poisoning (DOM-based) | High | 0x00200340 |
WebSocket URL poisoning (reflected DOM-based) | High | 0x00200341 |
WebSocket URL poisoning (stored DOM-based) | High | 0x00200342 |
Local file path manipulation (DOM-based) | High | 0x00200350 |
Local file path manipulation (reflected DOM-based) | High | 0x00200351 |
Local file path manipulation (stored DOM-based) | High | 0x00200352 |
Client-side XPath injection (DOM-based) | Low | 0x00200360 |
Client-side XPath injection (reflected DOM-based) | Low | 0x00200361 |
Client-side XPath injection (stored DOM-based) | Low | 0x00200362 |
Client-side JSON injection (DOM-based) | Low | 0x00200370 |
Client-side JSON injection (reflected DOM-based) | Low | 0x00200371 |
Client-side JSON injection (stored DOM-based) | Low | 0x00200372 |
Flash cross-domain policy | High | 0x00200400 |
Silverlight cross-domain policy | High | 0x00200500 |
Cross-origin resource sharing | Information | 0x00200600 |
Cross-origin resource sharing: arbitrary origin trusted | High | 0x00200601 |
Cross-origin resource sharing: unencrypted origin trusted | Low | 0x00200602 |
Cross-origin resource sharing: all subdomains trusted | Low | 0x00200603 |
Cross-site request forgery | Medium | 0x00200700 |
SMTP header injection | Medium | 0x00200800 |
Cleartext submission of password | High | 0x00300100 |
External service interaction (DNS) | High | 0x00300200 |
External service interaction (HTTP) | High | 0x00300210 |
External service interaction (SMTP) | Information | 0x00300220 |
Referer-dependent response | Information | 0x00400100 |
Spoofable client IP address | Information | 0x00400110 |
User agent-dependent response | Information | 0x00400120 |
Password returned in later response | Medium | 0x00400200 |
Password submitted using GET method | Low | 0x00400300 |
Password returned in URL query string | Low | 0x00400400 |
SQL statement in request parameter | Medium | 0x00400480 |
Cross-domain POST | Information | 0x00400500 |
ASP.NET ViewState without MAC enabled | Low | 0x00400600 |
XML entity expansion | Medium | 0x00400700 |
Long redirection response | Information | 0x00400800 |
Serialized object in HTTP message | High | 0x00400900 |
Duplicate cookies set | Information | 0x00400a00 |
Input returned in response (stored) | Information | 0x00400b00 |
Input returned in response (reflected) | Information | 0x00400c00 |
Suspicious input transformation (reflected) | Information | 0x00400d00 |
Suspicious input transformation (stored) | Information | 0x00400e00 |
Request URL override | Information | 0x00400f00 |
Open redirection (reflected) | Low | 0x00500100 |
Open redirection (stored) | Medium | 0x00500101 |
Open redirection (DOM-based) | Low | 0x00500110 |
Open redirection (reflected DOM-based) | Low | 0x00500111 |
Open redirection (stored DOM-based) | Medium | 0x00500112 |
TLS cookie without secure flag set | Medium | 0x00500200 |
Cookie scoped to parent domain | Low | 0x00500300 |
Cross-domain Referer leakage | Information | 0x00500400 |
Cross-domain script include | Information | 0x00500500 |
Cookie without HttpOnly flag set | Low | 0x00500600 |
Session token in URL | Medium | 0x00500700 |
Password field with autocomplete enabled | Low | 0x00500800 |
Password value set in cookie | Medium | 0x00500900 |
File upload functionality | Information | 0x00500980 |
Frameable response (potential Clickjacking) | Information | 0x005009a0 |
Browser cross-site scripting filter disabled | Information | 0x005009b0 |
HTTP TRACE method is enabled | Information | 0x00500a00 |
Cookie manipulation (DOM-based) | Low | 0x00500b00 |
Cookie manipulation (reflected DOM-based) | Low | 0x00500b01 |
Cookie manipulation (stored DOM-based) | Low | 0x00500b02 |
Ajax request header manipulation (DOM-based) | Low | 0x00500c00 |
Ajax request header manipulation (reflected DOM-based) | Low | 0x00500c01 |
Ajax request header manipulation (stored DOM-based) | Low | 0x00500c02 |
Denial of service (DOM-based) | Information | 0x00500d00 |
Denial of service (reflected DOM-based) | Information | 0x00500d01 |
Denial of service (stored DOM-based) | Low | 0x00500d02 |
HTML5 web message manipulation (DOM-based) | Information | 0x00500e00 |
HTML5 web message manipulation (reflected DOM-based) | Information | 0x00500e01 |
HTML5 web message manipulation (stored DOM-based) | Information | 0x00500e02 |
HTML5 storage manipulation (DOM-based) | Information | 0x00500f00 |
HTML5 storage manipulation (reflected DOM-based) | Information | 0x00500f01 |
HTML5 storage manipulation (stored DOM-based) | Information | 0x00500f02 |
Link manipulation (DOM-based) | Low | 0x00501000 |
Link manipulation (reflected DOM-based) | Low | 0x00501001 |
Link manipulation (stored DOM-based) | Low | 0x00501002 |
Link manipulation (reflected) | Information | 0x00501003 |
Link manipulation (stored) | Information | 0x00501004 |
Document domain manipulation (DOM-based) | Medium | 0x00501100 |
Document domain manipulation (reflected DOM-based) | Medium | 0x00501101 |
Document domain manipulation (stored DOM-based) | Medium | 0x00501102 |
DOM data manipulation (DOM-based) | Information | 0x00501200 |
DOM data manipulation (reflected DOM-based) | Information | 0x00501201 |
DOM data manipulation (stored DOM-based) | Information | 0x00501202 |
CSS injection (reflected) | Medium | 0x00501300 |
CSS injection (stored) | Medium | 0x00501301 |
Client-side HTTP parameter pollution (reflected) | Low | 0x00501400 |
Client-side HTTP parameter pollution (stored) | Low | 0x00501401 |
Form action hijacking (reflected) | Medium | 0x00501500 |
Form action hijacking (stored) | Medium | 0x00501501 |
Database connection string disclosed | Medium | 0x00600080 |
Source code disclosure | Low | 0x006000b0 |
Backup file | Information | 0x006000d8 |
Directory listing | Information | 0x00600100 |
Email addresses disclosed | Information | 0x00600200 |
Private IP addresses disclosed | Information | 0x00600300 |
Social security numbers disclosed | Information | 0x00600400 |
Credit card numbers disclosed | Information | 0x00600500 |
Private key disclosed | Information | 0x00600550 |
Robots.txt file | Information | 0x00600600 |
Cacheable HTTPS response | Information | 0x00700100 |
Base64-encoded data in parameter | Information | 0x00700200 |
Multiple content types specified | Information | 0x00800100 |
HTML does not specify charset | Information | 0x00800200 |
HTML uses unrecognized charset | Information | 0x00800300 |
Content type incorrectly stated | Low | 0x00800400 |
Content type is not specified | Information | 0x00800500 |
TLS certificate | Medium | 0x01000100 |
Unencrypted communications | Low | 0x01000200 |
Strict transport security not enforced | Low | 0x01000300 |
Mixed content | Information | 0x01000400 |
Extension generated issue | Information | 0x08000000 |