CWE-16 Web Vulnerability & Security Checks | Invicti

Home / Vulnerabilities / CWE-16 / Page 6

Select Category

Search Vulnerability

Vulnerability Name

Classifications

Severity

Content Security Policy (CSP) Not Implemented

CWE-16, ISO27001-A.14.2.5, WASC-15

Best Practice

SameSite Cookie Not Implemented

CWE-16, ISO27001-A.14.2.5, WASC-15

Best Practice

SameSite None Cookie Not Marked as Secure

CWE-16, ISO27001-A.14.2.5, WASC-15

Best Practice

Subresource Integrity (SRI) Not Implemented

CWE-16, ISO27001-A.14.2.5, WASC-15

Best Practice

ASP.NET Debugging Enabled

CWE-16, ISO27001-A.9.4.1, WASC-14, OWASP 2013-A5, OWASP 2017-A6

Information

An Unsafe Content Security Policy (CSP) Directive in Use

CWE-16, ISO27001-A.14.2.5, WASC-15

Information

Autocomplete Enabled (Password Field)

CWE-16, ISO27001-A.14.1.2, WASC-15, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Information

Content Security Policy (CSP) Keywords Not Used Within Single Quotes

CWE-16, ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A6

Information

Content Security Policy (CSP) Nonce Value Not Used Within Single Quotes

CWE-16, ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A6

Information

Content Security Policy (CSP) Nonce Without Matching Script Block

CWE-16, ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A6

Information

Content-Security-Policy-Report-Only Cannot Be Declared Between META Tags

CWE-16, ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A6

Information

Content-Security-Policy-Report-Only Cannot Be Declared Without report-uri Directive

CWE-16, ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A6

Information

Build your resistance to threats. And save hundreds of hours each month.

Get a demo See how it works