Critical
Showing all detectors for the Java language with critical severity.
Passing data from an untrusted source into a cookie or web response might expose the user to HTTP response splitting attacks.
Hardcoded credentials can be intercepted by malicious actors.
Scripts generated from unsanitized inputs can lead to malicious behavior and inadvertently running code remotely.
Session fixation might allow an attacker to steal authenticated session IDs.
Weak, broken, or misconfigured cryptography can lead to security vulnerabilities.