The HSTS HTTP response security header is missing, allowing interaction and communication to be sent over the insecure HTTP protocol. Likelihood: LOW Confidence: LOW CWE: - CWE-346: Origin Validation Error
OWASP: - A07:2021 - Identification and Authentication Failures
stacktrace-disclosure
Stacktrace information is displayed in a non-Development environment. Accidentally disclosing sensitive stack trace information in a production environment aids an attacker in reconnaissance and information gathering. Likelihood: LOW Confidence: HIGH CWE: - CWE-209: Generation of Error Message Containing Sensitive Information
OWASP: - A06:2017 - Security Misconfiguration
- A04:2021 - Insecure Design
open-redirect
A query string parameter may contain a URL value that could cause the web application to redirect the request to a malicious website controlled by an attacker. Make sure to sanitize this parameter sufficiently. Likelihood: MEDIUM Confidence: LOW CWE: - CWE-601: URL Redirection to Untrusted Site (‘Open Redirect’)
OWASP: - A01:2021 - Broken Access Control