Emails Found in the Viewstate

Home/Alerts/Alert detail/

Risk:
Medium

Type:
Passive

CWE:
CWE-642

Summary: The following emails were found being serialized in the viewstate field:

Solution: Verify the provided information isn't confidential.

Other info: []

Latest Security News

Canada Orders TikTok to Shut Down Canadian Operations Over Security Concerns

Hackers increasingly use Winos4.0 post-exploitation kit in attacks

Microsoft Notepad to get AI-powered rewriting tool on Windows 11

Cisco bug lets hackers run commands as root on UWRB access points

New SteelFox malware hijacks Windows PCs using vulnerable driver

VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware

Washington courts' systems offline following weekend cyberattack

Germany drafts law to protect researchers who find security flaws

Common Alerts

HighSource Code Disclosure - CVE-2012-1823

HighServer Side Code Injection - ASP Code Injection

LowServer Leaks Version Information via "Server" HTTP Response Header Field

InformationalInformation Disclosure - Suspicious Comments

HighRemote OS Command Injection

HighLog4Shell (CVE-2021-45046)

MediumContent Security Policy (CSP) Header Not Set

MediumMultiple X-Frame-Options Header Entries

MediumInformation Disclosure - JWT in Browser localStorage

LowInformation Disclosure - Sensitive Information in Browser sessionStorage

Latest CVE List

CVE-2024-8957 PTZOptics PT30X-SDI/NDI Cameras OS Command Injection Vulnerability

CVE-2024-8956 PTZOptics PT30X-SDI/NDI Cameras Authentication Bypass Vulnerability

CVE-2024-20481 Cisco ASA and FTD Denial-of-Service Vulnerability

CVE-2024-37383 RoundCube Webmail Cross-Site Scripting (XSS) Vulnerability

CVE-2024-47575 Fortinet FortiManager Missing Authentication Vulnerability

CVE-2024-38094 Microsoft SharePoint Deserialization Vulnerability

CVE-2024-9537 ScienceLogic SL1 Unspecified Vulnerability

CVE-2024-40711 Veeam Backup and Replication Deserialization Vulnerability

CVE-2024-30088 Microsoft Windows Kernel TOCTOU Race Condition Vulnerability

CVE-2024-9680 Mozilla Firefox Use-After-Free Vulnerability

Common CWEs

CWE-350 Reliance on Reverse DNS Resolution for a Security-Critical Action

CWE-231 Improper Handling of Extra Values

HighCWE-649 Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking

HighCWE-121 Stack-based Buffer Overflow

HighCWE-327 Use of a Broken or Risky Cryptographic Algorithm

CWE-842 Placement of User into Incorrect Group

CWE-616 Incomplete Identification of Uploaded File Variables (PHP)

CWE-1187 DEPRECATED: Use of Uninitialized Resource

CWE-1090 Method Containing Access of a Member Element from Another Class

CWE-1052 Excessive Use of Hard-Coded Literals in Initialization

Free security scan for your website

Don't show website scan report rating on the leaderboard