Vulnerability Templates
A comprehensive library of vulnerability templates for penetration testing, organized by category. Use these as starting points for documenting findings in your security assessments.
Categories
The application contains flaws in its business logic that allow users to perform actions or access functionality in unin...
The application can be embedded in an iframe on a malicious site, allowing attackers to trick users into clicking hidden...
The application passes user-supplied input to system shell commands without proper sanitization, allowing attackers to i...
Session cookies are set without the HttpOnly flag, making them accessible to client-side JavaScript and vulnerable to th...
Session cookies or other sensitive cookies are set without the Secure flag, allowing them to be transmitted over unencry...
The application implements an overly permissive Cross-Origin Resource Sharing policy, reflecting arbitrary origins or al...
The application includes user input in HTTP response headers without filtering carriage return and line feed characters,...
The application reflects user-supplied input in HTTP responses without proper encoding or sanitization, allowing attacke...
The application's client-side JavaScript processes user-supplied input in an unsafe way, writing it to the DOM without p...
The web server is configured to display directory listings when no index file is present, exposing the file structure an...
The application trusts the Host header for generating URLs, redirects, or password reset links without proper validation...
The application renders user-supplied HTML content without proper sanitization, allowing attackers to inject arbitrary H...