Wiseep VR Taxonomy
Take a look at the points we care about
Wiseep allows customers to learn about and fix all types of risky vulnerabilities in an easy and affordable way. We perform all checks following our latest vulnerability rating taxonomy.
Vulnerability | Severity | Category | Origin |
---|---|---|---|
Remote Code Execution (RCE) | P1 - Critical | Input Validation | Developer Awareness |
SQL Injection | P1 - Critical | Input Validation | Developer Awareness |
Local File Inclusion (LFI) | P1 - Critical | Input Validation | Developer Awareness |
Remote File Inclusion (RFI) | P1 - Critical | Input Validation | Developer Awareness |
Default Credential Usage | P1 - Critical | Authentication | Admin Awareness |
Unauthenticated Access | P1 - Critical | Authentication | Developer Awareness |
Hardcoded Password | P1 - Critical | Insecure Storage | Policy Decision |
Code Injection | P1 - Critical | Input Validation | Developer Awareness |
Disclosure of Secrets | P1 - Critical | Information Leak | Developer Awareness |
Webshell via File Upload | P1 - Critical | Input Validation | Developer Awareness |
Authentication Bypass | P1 - Critical | Authentication | Business Logic |
Vertical Privilege Escalation | P1 - Critical | Authorization | Developer Awareness |
Horizontal Privilege Escalation | P1 - Critical | Authorization | Developer Awareness |
Command Injection | P1 - Critical | Input Validation | Developer Awareness |
XML External Entity Injection | P1 - Critical | Input Validation | Developer Awareness |
Insecure Direct Object Reference (IDOR) | P1 - Critical | Broken Access Control | Developer Awareness |
Predictable Service Credential Usage | P1 - Critical | Authentication | Admin Awareness |
Authorization Bypass | P1 - Critical | Authorization | Developer Awareness |
Exploitable Lack of Update Issue | P1 - Critical | Update Management | Process Failure |
Stored Cross Site Scripting | P2 - High | Input Validation | Developer Awareness |
Subdomain Takeover | P2 - High | Configuration Management | Admin Awareness |
Dangerous HTTP Method (PUT) Usage | P2 - High | Configuration Management | Developer Awareness |
Web Cache Poisoning | P2 - High | Deploy Configuration | Admin Awareness |
Server-Side Request Forgery - SSRF | P2 - High | Input Validation | Developer Awareness |
Insecure Direct Object Reference (IDOR) | P2 - High | Broken Access Control | Developer Awareness |
Default Credential Usage | P2 - High | Authentication | Developer Awareness |
Application Level Denial of Service | P2 - High | Business Logic | Developer Awareness |
Session Leak via Accessible Elmah.axd | P2 - High | Session Management | Developer Awareness |
OAuth Account Takeover | P2 - High | Configuration Management | Developer Awareness |
Token Leakage Issue | P2 - High | Business Logic | Developer Awareness |
Sensitive Cross-Site Request Forgery (CSRF) | P2 - High | Authentication | Developer Awareness |
Stored Sensitive Data in Mobile App | P2 - High | Information Leak | Policy Decision |
Session Leak via Accessible Trace.axd | P2 - High | Session Management | Developer Awareness |
Second Factor Auth Bypass | P2 - High | Session Management | Developer Awareness |
Stored Sensitive Data in Source Code | P2 - High | Information Leak | Policy Decision |
Reflected Cross Site Scripting (RXSS) | P3 - Medium | Input Validation | Developer Awareness |
CRLF Injection | P3 - Medium | Input Validation | Developer Awareness |
Internal Scan SSRF | P3 - Medium | Input Validation | Developer Awareness |
Login Form without Rate Limit | P3 - Medium | Authentication | Developer Awareness |
Disclosure of Internal Secrets | P3 - Medium | Information Leakage | Process Failure |
Simple Subdomain Takeover | P3 - Medium | Configuration Management | Admin Awareness |
HTML Code Injection | P3 - Medium | Input Validation | Developer Awareness |
Session Fixation | P3 - Medium | Session Management | Developer Awareness |
Medium Level IDOR Issue | P3 - Medium | Session Management | Developer Awareness |
Lack of Spoofing Protection | P3 - Medium | Configuration Management | Admin Awareness |
Sensitive User Enumeration | P3 - Medium | Identity Management | Developer Awareness |
Cross Site Request Forgery (CSRF) | P3 - Medium | Session Management | Developer Awareness |
Unauthorised Access | P3 - Medium | Session Management | Developer Awareness |
Sensitive Directory Listing | P3 - Medium | Deploy Management | Developer Awareness |
LDAP Injection | P3 - Medium | Input Validation | Developer Awareness |
XPath Injection | P3 - Medium | Input Validation | Developer Awareness |
Open URL Redirection | P4 - Low | Input Validation | Developer Awareness |
Cleartext Credential Submission via HTTP | P4 - Low | Configuration Management | Developer Awareness |
Unauthorised Directory Listing | P4 - Low | Configuration Management | Admin Awareness |
Zone Transfer Issue | P4 - Low | Configuration Management | Admin Awareness |
Privileged Database User Usage | P4 - Low | Configuration Management | Policy Decision |
External Server-Side Request Forgery | P4 - Low | Input Validation | Developer Awareness |
Registration Form without Rate Limit | P4 - Low | Business Logic | Developer Awareness |
Email triaging without Rate Limit | P4 - Low | Business Logic | Developer Awareness |
SMS triaging without Rate Limit | P4 - Low | Business Logic | Developer Awareness |
Password Reset Token Submission to 3rd Parties | P4 - Low | Business Logic | Developer Awareness |
Web Application Firewall Bypass | P4 - Low | Configuration Management | Admin Awareness |
External Authentication Injection | P4 - Low | Input Validation | Developer Awareness |
Open Mail Relay | P4 - Low | Configuration Management | Developer Awareness |
Delete Account without Confirmation | P4 - Low | Business Logic | Developer Awareness |
Clickjacking on Sensitive Functions | P4 - Low | Session Management | Developer Awareness |
Logout Function Not Working Properly | P4 - Low | Session Management | Developer Awareness |
Unauthorised Accessible Data | P4 - Low | Authentication | Developer Awareness |