| JSON Hijacking (aka JavaScript Hijacking) |
|
CWE-345
|
Insufficient Verification of Data Authenticity
|
|
CWE-346
|
Origin Validation Error
|
|
CWE-352
|
Cross-Site Request Forgery (CSRF)
|
|
| Cross-Domain Search Timing |
|
CWE-208
|
Observable Timing Discrepancy
|
|
CWE-352
|
Cross-Site Request Forgery (CSRF)
|
|
CWE-385
|
Covert Timing Channel
|
|
| Cross Site Identification |
|
CWE-352
|
Cross-Site Request Forgery (CSRF)
|
|
CWE-359
|
Exposure of Private Personal Information to an Unauthorized Actor
|
|
| Cross Site Request Forgery |
|
CWE-306
|
Missing Authentication for Critical Function
|
|
CWE-352
|
Cross-Site Request Forgery (CSRF)
|
|
CWE-664
|
Improper Control of a Resource Through its Lifetime
|
|
CWE-732
|
Incorrect Permission Assignment for Critical Resource
|
|
CWE-1275
|
Sensitive Cookie with Improper SameSite Attribute
|
|