Vulnerability Levels - Searchspring

Technical severity	VRT category	Specific vulnerability name	Variant / Affected function
P1	Server Security Misconfiguration	Using Default Credentials
P1	Server-Side Injection	File Inclusion	Local
P1	Server-Side Injection	Remote Code Execution (RCE)
P1	Server-Side Injection	SQL Injection
P1	Server-Side Injection	XML External Entity Injection (XXE)
P1	Broken Authentication and Session Management	Authentication Bypass
P1	Sensitive Data Exposure	Disclosure of Secrets	For Publicly Accessible Asset
P1	Insecure OS/Firmware	Command Injection
P1	Insecure OS/Firmware	Hardcoded Password	Privileged User
P1	Broken Cryptography	Cryptographic Flaw	Incorrect Usage
P1	Automotive Security Misconfiguration	Infotainment, Radio Head Unit	PII Leakage
P1	Automotive Security Misconfiguration	RF Hub	Key Fob Cloning
P2	Server Security Misconfiguration	Misconfigured DNS	High Impact Subdomain Takeover
P2	Server Security Misconfiguration	OAuth Misconfiguration	Account Takeover
P2	Sensitive Data Exposure	Weak Password Reset Implementation	Token Leakage via Host Header Poisoning
P2	Cross-Site Scripting (XSS)	Stored	Non-Privileged User to Anyone
P2	Broken Access Control (BAC)	Server-Side Request Forgery (SSRF)	Internal High Impact
P2	Cross-Site Request Forgery (CSRF)	Application-Wide
P2	Application-Level Denial-of-Service (DoS)	Critical Impact and/or Easy Difficulty
P2	Insecure OS/Firmware	Hardcoded Password	Non-Privileged User
P2	Automotive Security Misconfiguration	Infotainment, Radio Head Unit	OTA Firmware Manipulation
P2	Automotive Security Misconfiguration	Infotainment, Radio Head Unit	Code Execution (CAN Bus Pivot)
P2	Automotive Security Misconfiguration	RF Hub	CAN Injection / Interaction
P3	Server Security Misconfiguration	Misconfigured DNS	Basic Subdomain Takeover
P3	Server Security Misconfiguration	Mail Server Misconfiguration	No Spoofing Protection on Email Domain
P3	Server-Side Injection	HTTP Response Manipulation	Response Splitting (CRLF)
P3	Server-Side Injection	Content Spoofing	iframe Injection
P3	Broken Authentication and Session Management	Second Factor Authentication (2FA) Bypass
P3	Broken Authentication and Session Management	Session Fixation	Remote Attack Vector
P3	Sensitive Data Exposure	Disclosure of Secrets	For Internal Asset
P3	Sensitive Data Exposure	EXIF Geolocation Data Not Stripped From Uploaded Images	Automatic User Enumeration
P3	Cross-Site Scripting (XSS)	Stored	Privileged User to Privilege Elevation
P3	Cross-Site Scripting (XSS)	Stored	CSRF/URL-Based
P3	Cross-Site Scripting (XSS)	Reflected	Non-Self
P3	Broken Access Control (BAC)	Server-Side Request Forgery (SSRF)	Internal Scan and/or Medium Impact
P3	Application-Level Denial-of-Service (DoS)	High Impact and/or Medium Difficulty
P3	Client-Side Injection	Binary Planting	Default Folder Privilege Escalation
P3	Automotive Security Misconfiguration	Infotainment, Radio Head Unit	Code Execution (No CAN Bus Pivot)
P3	Automotive Security Misconfiguration	Infotainment, Radio Head Unit	Unauthorized Access to Services (API / Endpoints)
P3	Automotive Security Misconfiguration	RF Hub	Data Leakage / Pull Encryption Mechanism
P3	Automotive Security Misconfiguration	CAN	Injection (Battery Management System)
P3	Automotive Security Misconfiguration	CAN	Injection (Steering Control)
P3	Automotive Security Misconfiguration	CAN	Injection (Pyrotechnical Device Deployment Tool)
P3	Automotive Security Misconfiguration	CAN	Injection (Headlights)
P3	Automotive Security Misconfiguration	CAN	Injection (Sensors)
P3	Automotive Security Misconfiguration	CAN	Injection (Vehicle Anti-theft Systems)
P3	Automotive Security Misconfiguration	CAN	Injection (Powertrain)
P3	Automotive Security Misconfiguration	CAN	Injection (Basic Safety Message)
P3	Automotive Security Misconfiguration	Battery Management System	Firmware Dump
P3	Automotive Security Misconfiguration	Immobilizer	Engine Start
P3	Automotive Security Misconfiguration	Automatic Braking System (ABS)	Unintended Acceleration / Brake
P4	Server Security Misconfiguration	Misconfigured DNS	Zone Transfer
P4	Server Security Misconfiguration	Mail Server Misconfiguration	Email Spoofing to Inbox due to Missing or Misconfigured DMARC on Email Domain
P4	Server Security Misconfiguration	Database Management System (DBMS) Misconfiguration	Excessively Privileged User / DBA
P4	Server Security Misconfiguration	Lack of Password Confirmation	Delete Account
P4	Server Security Misconfiguration	No Rate Limiting on Form	Registration
P4	Server Security Misconfiguration	No Rate Limiting on Form	Login
P4	Server Security Misconfiguration	No Rate Limiting on Form	Email-Triggering
P4	Server Security Misconfiguration	No Rate Limiting on Form	SMS-Triggering
P4	Server Security Misconfiguration	Missing Secure or HTTPOnly Cookie Flag	Session Token
P4	Server Security Misconfiguration	Clickjacking	Sensitive Click-Based Action
P4	Server Security Misconfiguration	OAuth Misconfiguration	Account Squatting
P4	Server Security Misconfiguration	CAPTCHA	Implementation Vulnerability
P4	Server Security Misconfiguration	Lack of Security Headers	Cache-Control for a Sensitive Page
P4	Server Security Misconfiguration	Web Application Firewall (WAF) Bypass	Direct Server Access
P4	Server-Side Injection	Content Spoofing	Impersonation via Broken Link Hijacking
P4	Server-Side Injection	Content Spoofing	External Authentication Injection
P4	Server-Side Injection	Content Spoofing	Email HTML Injection
P4	Server-Side Injection	Server-Side Template Injection (SSTI)	Basic
P4	Broken Authentication and Session Management	Cleartext Transmission of Session Token
P4	Broken Authentication and Session Management	Weak Login Function	Other Plaintext Protocol with no Secure Alternative
P4	Broken Authentication and Session Management	Weak Login Function	Over HTTP
P4	Broken Authentication and Session Management	Failure to Invalidate Session	On Logout (Client and Server-Side)
P4	Broken Authentication and Session Management	Failure to Invalidate Session	On Password Reset and/or Change
P4	Broken Authentication and Session Management	Weak Registration Implementation	Over HTTP
P4	Sensitive Data Exposure	Disclosure of Secrets	Pay-Per-Use Abuse
P4	Sensitive Data Exposure	EXIF Geolocation Data Not Stripped From Uploaded Images	Manual User Enumeration
P4	Sensitive Data Exposure	Visible Detailed Error/Debug Page	Detailed Server Configuration
P4	Sensitive Data Exposure	Token Leakage via Referer	Untrusted 3rd Party
P4	Sensitive Data Exposure	Token Leakage via Referer	Over HTTP
P4	Sensitive Data Exposure	Sensitive Token in URL	User Facing
P4	Sensitive Data Exposure	Weak Password Reset Implementation	Password Reset Token Sent Over HTTP
P4	Sensitive Data Exposure	Via localStorage/sessionStorage	Sensitive Token
P4	Cross-Site Scripting (XSS)	Stored	Privileged User to No Privilege Elevation
P4	Cross-Site Scripting (XSS)	IE-Only	IE11
P4	Cross-Site Scripting (XSS)	Referer
P4	Cross-Site Scripting (XSS)	Universal (UXSS)
P4	Cross-Site Scripting (XSS)	Off-Domain	Data URI
P4	Broken Access Control (BAC)	Server-Side Request Forgery (SSRF)	External
P4	Broken Access Control (BAC)	Username/Email Enumeration	Non-Brute Force
P4	Unvalidated Redirects and Forwards	Open Redirect	GET-Based
P4	Insufficient Security Configurability	No Password Policy
P4	Insufficient Security Configurability	Weak Password Reset Implementation	Token is Not Invalidated After Use
P4	Insufficient Security Configurability	Weak 2FA Implementation	2FA Secret Cannot be Rotated
P4	Insufficient Security Configurability	Weak 2FA Implementation	2FA Secret Remains Obtainable After 2FA is Enabled
P4	Insecure Data Storage	Sensitive Application Data Stored Unencrypted	On External Storage
P4	Insecure Data Storage	Server-Side Credentials Storage	Plaintext
P4	Insecure Data Transport	Executable Download	No Secure Integrity Check
P4	Privacy Concerns	Unnecessary Data Collection	WiFi SSID+Password
P4	Automotive Security Misconfiguration	Infotainment, Radio Head Unit	Source Code Dump
P4	Automotive Security Misconfiguration	Infotainment, Radio Head Unit	Denial of Service (DoS / Brick)
P4	Automotive Security Misconfiguration	Infotainment, Radio Head Unit	Default Credentials
P4	Automotive Security Misconfiguration	RF Hub	Unauthorized Access / Turn On
P4	Automotive Security Misconfiguration	CAN	Injection (Disallowed Messages)
P4	Automotive Security Misconfiguration	CAN	Injection (DoS)
P4	Automotive Security Misconfiguration	Battery Management System	Fraudulent Interface
P4	Automotive Security Misconfiguration	GNSS / GPS	Spoofing
P4	Automotive Security Misconfiguration	Roadside Unit (RSU)	Sybil Attack
P5	Server Security Misconfiguration	Directory Listing Enabled	Non-Sensitive Data Exposure
P5	Server Security Misconfiguration	Same-Site Scripting
P5	Server Security Misconfiguration	Misconfigured DNS	Missing Certification Authority Authorization (CAA) Record
P5	Server Security Misconfiguration	Mail Server Misconfiguration	Email Spoofing to Spam Folder
P5	Server Security Misconfiguration	Mail Server Misconfiguration	Missing or Misconfigured SPF and/or DKIM
P5	Server Security Misconfiguration	Mail Server Misconfiguration	Email Spoofing on Non-Email Domain
P5	Server Security Misconfiguration	Lack of Password Confirmation	Change Email Address
P5	Server Security Misconfiguration	Lack of Password Confirmation	Change Password
P5	Server Security Misconfiguration	Lack of Password Confirmation	Manage 2FA
P5	Server Security Misconfiguration	No Rate Limiting on Form	Change Password
P5	Server Security Misconfiguration	Unsafe File Upload	No Antivirus
P5	Server Security Misconfiguration	Unsafe File Upload	No Size Limit
P5	Server Security Misconfiguration	Unsafe File Upload	File Extension Filter Bypass
P5	Server Security Misconfiguration	Cookie Scoped to Parent Domain
P5	Server Security Misconfiguration	Missing Secure or HTTPOnly Cookie Flag	Non-Session Cookie
P5	Server Security Misconfiguration	Clickjacking	Form Input
P5	Server Security Misconfiguration	Clickjacking	Non-Sensitive Action
P5	Server Security Misconfiguration	CAPTCHA	Brute Force
P5	Server Security Misconfiguration	CAPTCHA	Missing
P5	Server Security Misconfiguration	Exposed Admin Portal	To Internet
P5	Server Security Misconfiguration	Missing DNSSEC
P5	Server Security Misconfiguration	Fingerprinting/Banner Disclosure
P5	Server Security Misconfiguration	Username/Email Enumeration	Brute Force
P5	Server Security Misconfiguration	Potentially Unsafe HTTP Method Enabled	OPTIONS
P5	Server Security Misconfiguration	Potentially Unsafe HTTP Method Enabled	TRACE
P5	Server Security Misconfiguration	Insecure SSL	Lack of Forward Secrecy
P5	Server Security Misconfiguration	Insecure SSL	Insecure Cipher Suite
P5	Server Security Misconfiguration	Insecure SSL	Certificate Error
P5	Server Security Misconfiguration	Reflected File Download (RFD)
P5	Server Security Misconfiguration	Lack of Security Headers	X-Frame-Options
P5	Server Security Misconfiguration	Lack of Security Headers	Cache-Control for a Non-Sensitive Page
P5	Server Security Misconfiguration	Lack of Security Headers	X-XSS-Protection
P5	Server Security Misconfiguration	Lack of Security Headers	Strict-Transport-Security
P5	Server Security Misconfiguration	Lack of Security Headers	X-Content-Type-Options
P5	Server Security Misconfiguration	Lack of Security Headers	Content-Security-Policy
P5	Server Security Misconfiguration	Lack of Security Headers	Public-Key-Pins
P5	Server Security Misconfiguration	Lack of Security Headers	X-Content-Security-Policy
P5	Server Security Misconfiguration	Lack of Security Headers	X-Webkit-CSP
P5	Server Security Misconfiguration	Lack of Security Headers	Content-Security-Policy-Report-Only
P5	Server Security Misconfiguration	Bitsquatting
P5	Server-Side Injection	Parameter Pollution	Social Media Sharing Buttons
P5	Server-Side Injection	Content Spoofing	Flash Based External Authentication Injection
P5	Server-Side Injection	Content Spoofing	Email Hyperlink Injection Based on Email Provider
P5	Server-Side Injection	Content Spoofing	Text Injection
P5	Server-Side Injection	Content Spoofing	Homograph/IDN-Based
P5	Server-Side Injection	Content Spoofing	Right-to-Left Override (RTLO)
P5	Broken Authentication and Session Management	Weak Login Function	Not Operational or Intended Public Access
P5	Broken Authentication and Session Management	Session Fixation	Local Attack Vector
P5	Broken Authentication and Session Management	Failure to Invalidate Session	On Logout (Server-Side Only)
P5	Broken Authentication and Session Management	Failure to Invalidate Session	Concurrent Sessions On Logout
P5	Broken Authentication and Session Management	Failure to Invalidate Session	On Email Change
P5	Broken Authentication and Session Management	Failure to Invalidate Session	On 2FA Activation/Change
P5	Broken Authentication and Session Management	Failure to Invalidate Session	Long Timeout
P5	Broken Authentication and Session Management	Concurrent Logins
P5	Sensitive Data Exposure	Disclosure of Secrets	Intentionally Public, Sample or Invalid
P5	Sensitive Data Exposure	Disclosure of Secrets	Data/Traffic Spam
P5	Sensitive Data Exposure	Disclosure of Secrets	Non-Corporate User
P5	Sensitive Data Exposure	Visible Detailed Error/Debug Page	Full Path Disclosure
P5	Sensitive Data Exposure	Visible Detailed Error/Debug Page	Descriptive Stack Trace
P5	Sensitive Data Exposure	Disclosure of Known Public Information
P5	Sensitive Data Exposure	Token Leakage via Referer	Trusted 3rd Party
P5	Sensitive Data Exposure	Sensitive Token in URL	In the Background
P5	Sensitive Data Exposure	Sensitive Token in URL	On Password Reset
P5	Sensitive Data Exposure	Non-Sensitive Token in URL
P5	Sensitive Data Exposure	Mixed Content (HTTPS Sourcing HTTP)
P5	Sensitive Data Exposure	Sensitive Data Hardcoded	OAuth Secret
P5	Sensitive Data Exposure	Sensitive Data Hardcoded	File Paths
P5	Sensitive Data Exposure	Internal IP Disclosure
P5	Sensitive Data Exposure	JSON Hijacking
P5	Sensitive Data Exposure	Via localStorage/sessionStorage	Non-Sensitive Token
P5	Cross-Site Scripting (XSS)	Stored	Self
P5	Cross-Site Scripting (XSS)	Reflected	Self
P5	Cross-Site Scripting (XSS)	Flash-Based
P5	Cross-Site Scripting (XSS)	Cookie-Based
P5	Cross-Site Scripting (XSS)	IE-Only	XSS Filter Disabled
P5	Cross-Site Scripting (XSS)	IE-Only	Older Version (< IE11)
P5	Cross-Site Scripting (XSS)	TRACE Method
P5	Broken Access Control (BAC)	Server-Side Request Forgery (SSRF)	DNS Query Only
P5	Cross-Site Request Forgery (CSRF)	Action-Specific	Logout
P5	Cross-Site Request Forgery (CSRF)	CSRF Token Not Unique Per Request
P5	Cross-Site Request Forgery (CSRF)	Flash-Based
P5	Application-Level Denial-of-Service (DoS)	App Crash	Malformed Android Intents
P5	Application-Level Denial-of-Service (DoS)	App Crash	Malformed iOS URL Schemes
P5	Unvalidated Redirects and Forwards	Open Redirect	POST-Based
P5	Unvalidated Redirects and Forwards	Open Redirect	Header-Based
P5	Unvalidated Redirects and Forwards	Open Redirect	Flash-Based
P5	Unvalidated Redirects and Forwards	Tabnabbing
P5	Unvalidated Redirects and Forwards	Lack of Security Speed Bump Page
P5	External Behavior	Browser Feature	Plaintext Password Field
P5	External Behavior	Browser Feature	Save Password
P5	External Behavior	Browser Feature	Autocomplete Enabled
P5	External Behavior	Browser Feature	Autocorrect Enabled
P5	External Behavior	Browser Feature	Aggressive Offline Caching
P5	External Behavior	CSV Injection
P5	External Behavior	Captcha Bypass	Crowdsourcing
P5	External Behavior	System Clipboard Leak	Shared Links
P5	External Behavior	User Password Persisted in Memory
P5	Insufficient Security Configurability	Weak Password Policy
P5	Insufficient Security Configurability	Password Policy Bypass
P5	Insufficient Security Configurability	Weak Password Reset Implementation	Token is Not Invalidated After Email Change
P5	Insufficient Security Configurability	Weak Password Reset Implementation	Token is Not Invalidated After Password Change
P5	Insufficient Security Configurability	Weak Password Reset Implementation	Token Has Long Timed Expiry
P5	Insufficient Security Configurability	Weak Password Reset Implementation	Token is Not Invalidated After New Token is Requested
P5	Insufficient Security Configurability	Weak Password Reset Implementation	Token is Not Invalidated After Login
P5	Insufficient Security Configurability	Verification of Contact Method not Required
P5	Insufficient Security Configurability	Lack of Notification Email
P5	Insufficient Security Configurability	Weak Registration Implementation	Allows Disposable Email Addresses
P5	Insufficient Security Configurability	Weak 2FA Implementation	Missing Failsafe
P5	Insufficient Security Configurability	Weak 2FA Implementation	2FA Code is Not Updated After New Code is Requested
P5	Insufficient Security Configurability	Weak 2FA Implementation	Old 2FA Code is Not Invalidated After New Code is Generated
P5	Using Components with Known Vulnerabilities	Rosetta Flash
P5	Using Components with Known Vulnerabilities	Outdated Software Version
P5	Using Components with Known Vulnerabilities	Captcha Bypass	OCR (Optical Character Recognition)
P5	Insecure Data Storage	Sensitive Application Data Stored Unencrypted	On Internal Storage
P5	Insecure Data Storage	Non-Sensitive Application Data Stored Unencrypted
P5	Insecure Data Storage	Screen Caching Enabled
P5	Lack of Binary Hardening	Lack of Exploit Mitigations
P5	Lack of Binary Hardening	Lack of Jailbreak Detection
P5	Lack of Binary Hardening	Lack of Obfuscation
P5	Lack of Binary Hardening	Runtime Instrumentation-Based
P5	Insecure Data Transport	Executable Download	Secure Integrity Check
P5	Network Security Misconfiguration	Telnet Enabled
P5	Mobile Security Misconfiguration	SSL Certificate Pinning	Absent
P5	Mobile Security Misconfiguration	SSL Certificate Pinning	Defeatable
P5	Mobile Security Misconfiguration	Tapjacking
P5	Mobile Security Misconfiguration	Clipboard Enabled
P5	Mobile Security Misconfiguration	Auto Backup Allowed by Default
P5	Client-Side Injection	Binary Planting	Non-Default Folder Privilege Escalation
P5	Client-Side Injection	Binary Planting	No Privilege Escalation
P5	Automotive Security Misconfiguration	RF Hub	Roll Jam
P5	Automotive Security Misconfiguration	RF Hub	Replay
P5	Automotive Security Misconfiguration	RF Hub	Relay
Varies	Server Security Misconfiguration	Unsafe Cross-Origin Resource Sharing
Varies	Server Security Misconfiguration	Path Traversal
Varies	Server Security Misconfiguration	Directory Listing Enabled	Sensitive Data Exposure
Varies	Server Security Misconfiguration	SSL Attack (BREACH, POODLE etc.)
Varies	Server Security Misconfiguration	OAuth Misconfiguration	Missing/Broken State Parameter
Varies	Server Security Misconfiguration	OAuth Misconfiguration	Insecure Redirect URI
Varies	Server Security Misconfiguration	Race Condition
Varies	Server Security Misconfiguration	Cache Poisoning
Varies	Server-Side Injection	Server-Side Template Injection (SSTI)	Custom
Varies	Broken Authentication and Session Management	Privilege Escalation
Varies	Sensitive Data Exposure	Cross Site Script Inclusion (XSSI)
Varies	Broken Access Control (BAC)	Insecure Direct Object References (IDOR)
Varies	Broken Access Control (BAC)	Exposed Sensitive Android Intent
Varies	Broken Access Control (BAC)	Exposed Sensitive iOS URL Scheme
Varies	Cross-Site Request Forgery (CSRF)	Action-Specific	Authenticated Action
Varies	Cross-Site Request Forgery (CSRF)	Action-Specific	Unauthenticated Action
Varies	Insecure Data Transport	Cleartext Transmission of Sensitive Data
Varies	Indicators of Compromise