| 7 | Remote File Inclusion | release | High | Active |
| 10028 | Off-site Redirect | release | High | Passive |
| 10029 | Cookie Poisoning | release | Informational | Passive |
| 10030 | User Controllable Charset | release | Informational | Passive |
| 10031 | User Controllable HTML Element Attribute (Potential XSS) | release | Informational | Passive |
| 10043 | User Controllable JavaScript Event (XSS) | release | Informational | Passive |
| 10048-1 | Remote Code Execution - Shell Shock | release | High | Active |
| 10048-2 | Remote Code Execution - Shell Shock | release | High | Active |
| 20014 | HTTP Parameter Pollution | beta | Informational | Active |
| 20018 | Remote Code Execution - CVE-2012-1823 | release | High | Active |
| 20019-1 | External Redirect | release | High | Active |
| 20019-2 | External Redirect | release | High | Active |
| 20019-3 | External Redirect | release | High | Active |
| 20019-4 | External Redirect | release | High | Active |
| 30001 | Buffer Overflow | release | Medium | Active |
| 30002 | Format String Error | release | Medium | Active |
| 30003 | Integer Overflow Error | beta | Medium | Active |
| 40003 | CRLF Injection | release | Medium | Active |
| 40009 | Server Side Include | release | High | Active |
| 40012 | Cross Site Scripting (Reflected) | release | High | Active |
| 40014-1 | Cross Site Scripting (Persistent) | release | High | Active |
| 40014-2 | Cross Site Scripting Weakness (Persistent in JSON Response) | release | Low | Active |
| 40014-3 | Cross Site Scripting (Persistent) | release | High | Active |
| 40015-1 | LDAP Injection - activedirectory | alpha | High | Active |
| 40015-2 | LDAP Injection | alpha | High | Active |
| 40016 | Cross Site Scripting (Persistent) - Prime | release | Informational | Active |
| 40017 | Cross Site Scripting (Persistent) - Spider | release | Informational | Active |
| 40018 | SQL Injection | release | High | Active |
| 40019 | SQL Injection - MySQL (Time Based) | release | High | Active |
| 40020 | SQL Injection - Hypersonic SQL (Time Based) | release | High | Active |
| 40021 | SQL Injection - Oracle (Time Based) | release | High | Active |
| 40022 | SQL Injection - PostgreSQL (Time Based) | release | High | Active |
| 40024-1 | SQL Injection - SQLite (Time Based) | alpha | High | Active |
| 40024-2 | SQL Injection - SQLite (Time Based) | alpha | High | Active |
| 40026 | Cross Site Scripting (DOM Based) | release | High | Active |
| 40027 | SQL Injection - MsSQL (Time Based) | release | High | Active |
| 40031 | Out of Band XSS | beta | High | Active |
| 40033 | NoSQL Injection - MongoDB | beta | High | Active |
| 40044 | Exponential Entity Expansion (Billion Laughs Attack) | release | Medium | Active |
| 40045 | Spring4Shell | release | High | Active |
| 40046 | Server Side Request Forgery | beta | High | Active |
| 40047 | Text4shell (CVE-2022-42889) | beta | High | Active |
| 40048 | Remote Code Execution (React2Shell) | release | High | Active |
| 90017 | XSLT Injection | release | Medium | Active |
| 90018 | Advanced SQL Injection | beta | High | Active |
| 90019-1 | Server Side Code Injection - PHP Code Injection | release | High | Active |
| 90019-2 | Server Side Code Injection - ASP Code Injection | release | High | Active |
| 90020 | Remote OS Command Injection | release | High | Active |
| 90021 | XPath Injection | release | High | Active |
| 90023 | XML External Entity Attack | release | High | Active |
| 90025 | Expression Language Injection | beta | High | Active |
| 90026 | SOAP Action Spoofing | beta | High | Active |
| 90029 | SOAP XML Injection | beta | High | Active |
| 90035 | Server Side Template Injection | release | High | Active |
| 90036 | Server Side Template Injection (Blind) | release | High | Active |
| 90037 | Remote OS Command Injection (Time Based) | release | High | Active |
| 90039 | NoSQL Injection - MongoDB (Time Based) | beta | High | Active |
| 100044-1 | Suspicious Input Transformation - Quote Consumption | alpha | High | Script Active |
| 100044-2 | Suspicious Input Transformation - Arithmetic Evaluation | alpha | High | Script Active |
| 100044-3 | Suspicious Input Transformation - Expression Evaluation | alpha | High | Script Active |
| 100044-4 | Suspicious Input Transformation - Template Evaluation | alpha | High | Script Active |
| 100044-5 | Suspicious Input Transformation - EL Evaluation | alpha | High | Script Active |
| 100044-6 | Suspicious Input Transformation - Unicode Normalisation | alpha | High | Script Active |
| 100044-7 | Suspicious Input Transformation - URL Decoding Error | alpha | High | Script Active |
| 100044-8 | Suspicious Input Transformation - Unicode Byte Truncation | alpha | High | Script Active |
| 100044-9 | Suspicious Input Transformation - Unicode Case Conversion | alpha | High | Script Active |
| 100044-10 | Suspicious Input Transformation - Unicode Combining Diacritic | alpha | High | Script Active |
| 200000-1 | SQL Injection - Single Quote (before) | alpha | High | Tool |
| 200000-2 | SQL Injection - Double Quote (before) | alpha | High | Tool |
| 200000-3 | SQL Injection - Single Quote (after) | alpha | High | Tool |
| 200000-4 | SQL Injection - Double Quote (after) | alpha | High | Tool |
| 200001 | OS Command Injection - Unix cat /etc/passwd (pipe) | alpha | High | Tool |
| 200002-1 | XSS - Unfiltered <script> tag | alpha | High | Tool |
| 200002-2 | XSS - Script tag after noscript tag | alpha | High | Tool |
| 200002-3 | XSS - Svg tag with animation event | alpha | High | Tool |
| 200002-4 | XSS - Img onerror | alpha | High | Tool |
| 200002-5 | XSS - Img onerror | alpha | High | Tool |
| 200002-6 | XSS - attribute context img onerror | alpha | High | Tool |
| 200002-7 | XSS - SVG onload polyglot | alpha | High | Tool |
| 200002-8 | XSS - JS string break-out | alpha | High | Tool |
| 200002-9 | XSS - JS template literal break-out | alpha | High | Tool |
| 200002-10 | XSS - JS expression replacement | alpha | High | Tool |
| 200002-11 | XSS - JS single-quoted string break-out | alpha | High | Tool |
| 200002-12 | XSS - JS slash/regex literal break-out | alpha | High | Tool |
| 200002-13 | XSS - JS block comment break-out | alpha | High | Tool |
| 200002-14 | XSS - double-quoted attribute event injection | alpha | High | Tool |
| 200002-15 | XSS - single-quoted attribute event injection | alpha | High | Tool |
| 200002-16 | XSS - unquoted attribute event injection | alpha | High | Tool |
| 200002-17 | XSS - attribute-name event injection | alpha | High | Tool |
| 200002-18 | XSS - tag-name SVG onload injection | alpha | High | Tool |
| 200007 | SPA hash DOM XSS | alpha | High | Tool |
| 200022-1 | DOM XSS via query param HTML image onerror | alpha | High | Tool |
| 200022-2 | DOM XSS via query param attribute breakout | alpha | High | Tool |
| 200022-3 | DOM XSS via query param JS double-quote breakout | alpha | High | Tool |
| 200022-4 | DOM XSS via query param JS single-quote breakout | alpha | High | Tool |
| 200022-5 | DOM XSS via query param JS template literal breakout | alpha | High | Tool |
| 200022-6 | DOM XSS via query param JS expression execution | alpha | High | Tool |
| 200022-7 | DOM XSS via query param JS regex breakout | alpha | High | Tool |
| 200022-8 | DOM XSS via query param JS block-comment breakout | alpha | High | Tool |
| 200022-9 | DOM XSS via query param script-tag breakout | alpha | High | Tool |
| 200022-10 | DOM XSS via query param event-handler value | alpha | High | Tool |
| 200022-11 | DOM XSS via query param attribute-name event injection | alpha | High | Tool |
| 200022-12 | DOM XSS via query param double-quoted attribute event breakout | alpha | High | Tool |
| 200022-13 | DOM XSS via query param double-quoted resource onerror breakout | alpha | High | Tool |
| 200022-14 | DOM XSS via query param single-quoted attribute event breakout | alpha | High | Tool |
| 200022-15 | DOM XSS via query param unquoted attribute event injection | alpha | High | Tool |
| 200022-16 | DOM XSS via query param SVG tag-name event injection | alpha | High | Tool |
| 200022-17 | DOM XSS via query param javascript: URL | alpha | High | Tool |
| 200022-18 | DOM XSS via query param style-block breakout | alpha | High | Tool |
| 210000-1 | DOM XSS via inline event handler | alpha | High | Tool |
| 210000-2 | DOM XSS via Element.innerHTML | alpha | High | Tool |
| 210000-3 | DOM XSS via Element.outerHTML | alpha | High | Tool |
| 210000-4 | DOM XSS via insertAdjacentHTML | alpha | High | Tool |
| 210000-5 | DOM XSS via document.write | alpha | High | Tool |
| 210000-6 | DOM XSS via DOM mutations | alpha | High | Tool |
| 210001-1 | Dynamic code execution via eval | alpha | High | Tool |
| 210001-2 | Dynamic code execution via Function constructor | alpha | High | Tool |
| 210001-3 | Dynamic code execution via Function.apply | alpha | High | Tool |
| 210003-1 | javascript: URL assigned to href | alpha | High | Tool |
| 210003-2 | javascript: URL navigated via location.href | alpha | High | Tool |
| 210003-3 | javascript: URL assigned to iframe.src | alpha | High | Tool |
| 210003-4 | data: URL assigned to script.src | alpha | High | Tool |
| 210003-5 | data: URL assigned to href | alpha | High | Tool |
| 210003-6 | javascript: URL assigned to src | alpha | High | Tool |
| 210003-7 | data: URL assigned to src | alpha | High | Tool |
| 210003-8 | data: URL navigated via location.href | alpha | High | Tool |
| 210003-9 | javascript: URL navigated via location.assign | alpha | High | Tool |
| 210003-10 | data: URL navigated via location.assign | alpha | High | Tool |
| 210003-11 | javascript: URL navigated via location.replace | alpha | High | Tool |
| 210003-12 | data: URL navigated via location.replace | alpha | High | Tool |
| 210003-13 | javascript: URL opened via window.open | alpha | High | Tool |
| 210003-14 | data: URL opened via window.open | alpha | High | Tool |
| 210003-15 | data: URL assigned to iframe.src | alpha | High | Tool |
| 210006-1 | javascript: URL assigned to form action | alpha | High | Tool |
| 210006-2 | javascript: URL assigned to formAction | alpha | High | Tool |
| 210006-3 | data: URL assigned to form action | alpha | Medium | Tool |
| 210006-4 | data: URL assigned to formAction | alpha | Medium | Tool |
| 210007-1 | Response field rendered via innerHTML | alpha | High | Tool |
| 210007-2 | Response field rendered via document.write | alpha | High | Tool |
| 210007-3 | Response field rendered via outerHTML | alpha | High | Tool |
| 210007-4 | Response field rendered via insertAdjacentHTML | alpha | High | Tool |
| 210007-5 | Response field rendered via DOM mutation | alpha | Medium | Tool |
| 210007-6 | Response field parsed via DOMParser | alpha | Medium | Tool |
| 210007-7 | Response field parsed via createContextualFragment | alpha | Medium | Tool |
| 210007-8 | Response field rendered via setHTMLUnsafe | alpha | High | Tool |
| 210007-9 | Response field rendered via ShadowRoot.setHTMLUnsafe | alpha | High | Tool |
| 210008-1 | Prototype pollution influenced fetch() init | alpha | High | Tool |
| 210008-2 | Tainted dangerous key used in prototype write | alpha | Medium | Tool |
| 210009-1 | AngularJS expression executed through Function constructor | alpha | High | Tool |
| 210009-2 | AngularJS $parse expression from form input | alpha | High | Tool |
| 210009-3 | AngularJS $parse expression from cookie | alpha | High | Tool |
| 210009-4 | AngularJS $parse expression from localStorage | alpha | High | Tool |
| 210009-5 | AngularJS $parse expression from postMessage | alpha | High | Tool |
| 210011-1 | Tainted string executed via setTimeout | alpha | High | Tool |
| 210011-2 | Tainted string executed via setInterval | alpha | High | Tool |
| 210016-1 | DOM XSS via DOMParser.parseFromString | alpha | Medium | Tool |
| 210016-2 | DOM XSS via Range.createContextualFragment | alpha | High | Tool |
| 210016-3 | DOM XSS via Element.setHTMLUnsafe | alpha | High | Tool |
| 210016-4 | DOM XSS via ShadowRoot.setHTMLUnsafe | alpha | High | Tool |
| 210017-1 | DOM XSS via innerHTML (secondary sources) | alpha | High | Tool |
| 210017-2 | DOM XSS via outerHTML (secondary sources) | alpha | High | Tool |
| 210017-3 | DOM XSS via insertAdjacentHTML (secondary sources) | alpha | High | Tool |
| 210017-4 | DOM XSS via document.write (secondary sources) | alpha | High | Tool |
| 210017-5 | DOM XSS via inline handlers (secondary sources) | alpha | High | Tool |
| 210017-6 | DOM XSS via DOM mutation (secondary sources) | alpha | High | Tool |
| 210017-7 | DOM XSS via iframe.srcdoc (secondary sources) | alpha | High | Tool |
| 210018-1 | eval() from storage/referrer taint | alpha | High | Tool |
| 210018-2 | Function() from storage/referrer taint | alpha | High | Tool |
| 210018-3 | Function.apply() from storage/referrer taint | alpha | High | Tool |
| 210018-4 | setTimeout(string) from storage/referrer taint | alpha | High | Tool |
| 210018-5 | setInterval(string) from storage/referrer taint | alpha | High | Tool |
| 220000-1 | Disallow innerHTML/outerHTML assignments | alpha | High | Tool |
| 220000-2 | Review uses of appendChild | alpha | High | Tool |
| 220000-3 | Disallow document.write()/writeln() | alpha | High | Tool |
| 220000-4 | Review DOMParser.parseFromString with dynamic HTML/XML | alpha | High | Tool |
| 220000-5 | template.innerHTML with dynamic content | alpha | High | Tool |
| 220000-6 | Inline event handler built from dynamic data | alpha | High | Tool |
| 220000-7 | Disallow insertAdjacentHTML() | alpha | High | Tool |
| 220000-8 | DOM-based XSS (taint flow) | alpha | High | Tool |
| 220000-9 | DOM XSS via innerHTML (Angular) | alpha | High | Tool |
| 220003-1 | Avoid string-based timers | alpha | High | Tool |
| 220003-2 | Avoid execScript dynamic execution | alpha | High | Tool |
| 220003-3 | Avoid eval with string literals | alpha | High | Tool |
| 220003-4 | Avoid Function constructor with strings | alpha | High | Tool |
| 220003-5 | DOM-based JavaScript Injection (taint flow) | alpha | High | Tool |
| 220004-1 | Tainted data passed to AngularJS $parse | alpha | High | Tool |
| 220004-2 | Tainted data compiled as AngularJS template | alpha | High | Tool |
| 220004-3 | Dynamic AngularJS $parse expression | alpha | High | Tool |
| 220004-4 | Dynamic AngularJS $compile/$interpolate template | alpha | High | Tool |
| 220004-5 | AngularJS interpolation delimiters in template string | alpha | High | Tool |
| 220004-6 | AngularJS ng-* expression attribute | alpha | High | Tool |
| 220005-1 | Dynamic template compilation | alpha | High | Tool |
| 220005-2 | Template output injected into DOM | alpha | High | Tool |
| 220005-3 | Review Vue v-html template usage | alpha | High | Tool |
| 220005-4 | Template injection (taint flow) | alpha | High | Tool |
| 220005-5 | React dangerouslySetInnerHTML taint flow | alpha | High | Tool |
| 220005-6 | Lit unsafeHTML taint flow | alpha | High | Tool |
| 220006-1 | Review sendBeacon destination | alpha | Medium | Tool |
| 220006-2 | Review sendBeacon body content | alpha | Medium | Tool |
| 220006-3 | Review EventSource constructor usage | alpha | Medium | Tool |
| 220006-4 | Review direct Axios destination usage | alpha | Medium | Tool |
| 220006-5 | Tainted network destination URL | alpha | Medium | Tool |
| 220007-1 | Review jQuery getScript usage | alpha | Medium | Tool |
| 220007-2 | Review System.import usage | alpha | Medium | Tool |
| 220007-3 | Review dynamic import usage | alpha | Medium | Tool |
| 220007-4 | Review Worker constructor usage | alpha | Medium | Tool |
| 220007-5 | Review SharedWorker constructor usage | alpha | Medium | Tool |
| 220007-6 | Review serviceWorker.register usage | alpha | Medium | Tool |
| 220007-7 | Review importScripts usage | alpha | Medium | Tool |
| 220007-8 | Tainted worker or script loader URL | alpha | Medium | Tool |