Security Test: Console Error
Description
Default Severity:
A console error means that code running on the page failed and the failure was written to the browser's console. It can look like a harmless glitch, but it sometimes indicates that internal details of your app are being exposed, information that could help an attacker identify weaknesses or the technology stack you use. The issue often comes from a mix of coding mistakes and insufficient error handling, especially when detailed error messages are left enabled in a production environment. Developers may overlook sanitizing inputs or catching exceptions properly, which can expose more information than intended. Left unchecked, these errors confuse users and increase the risk of a security breach by giving potential attackers material for probing your application.
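The following is an added example, not code from the original page or from the tool it documents: a JavaScript error handler that sends full exception detail to a private sink and, in production, writes only a generic message with a correlation id to the console. The names `handleError`, `guard`, `installGlobalHandlers` and the `report` sink are hypothetical.

```javascript
// Constructed example. `report` is a hypothetical private sink (for instance a
// POST to your own logging endpoint); `out` stands in for the browser console.
function newRef() {
  const c = globalThis.crypto;
  return c && c.randomUUID ? c.randomUUID() : Math.random().toString(36).slice(2, 12);
}

function handleError(err, { production, report, out = console }) {
  const e = err instanceof Error ? err : new Error(String(err));
  const ref = newRef();
  // Full detail goes to the private sink only.
  report({ ref, name: e.name, message: e.message, stack: e.stack });
  if (production) {
    // Generic text plus a correlation id: no queries, paths or stack frames.
    out.error(`Something went wrong (ref ${ref})`);
  } else {
    out.error(e); // full detail is acceptable on a developer machine
  }
  return ref;
}

// Wrap page code so thrown errors and rejected promises both go through handleError.
function guard(fn, opts) {
  return async function (...args) {
    try {
      return await fn.apply(this, args);
    } catch (err) {
      handleError(err, opts);
      return undefined;
    }
  };
}

// Browser wiring for errors that escape every guard. preventDefault() stops the
// browser from printing the raw error itself. Returns false outside a browser.
function installGlobalHandlers(opts) {
  if (typeof window === "undefined") return false;
  window.addEventListener("error", (ev) => {
    ev.preventDefault();
    handleError(ev.error || new Error(ev.message), opts);
  });
  window.addEventListener("unhandledrejection", (ev) => {
    ev.preventDefault();
    handleError(ev.reason, opts);
  });
  return true;
}
```

Set `production` from your build configuration so that development builds keep the detailed console output.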
Configuration
Identifier:
information_disclosure/console_error
Examples
All configuration available:
Compliance and Standards
Standard | Value |
---|---|
OWASP API Top 10 | API8:2023 |
OWASP LLM Top 10 | LLM02:2023 |
PCI DSS | 6.5.5 |
GDPR | Article-32 |
SOC2 | CC7 |
PSD2 | Article-95 |
ISO 27001 | A.12.6 |
NIST | SP800-92 |
FedRAMP | SI-11 |
CWE | 209 |
CVSS Vector | 3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |