Information Disclosure: Console Error

Identifier: console_error

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner

Description

The error means that something went wrong in the code running on the page and showed up in the browser's console. While it might seem like just a glitch, it can sometimes indicate that internal details about your app are being exposed: information that could help an attacker figure out weaknesses or the technology stack you're using. This vulnerability often comes from a mix of coding mistakes and insufficient error handling, especially if detailed error messages are left on in a production environment. Developers might overlook sanitizing inputs or catching exceptions properly, which can lead to exposing more information than intended. Left unchecked, these issues not only confuse users but also increase the risk of security breaches by giving potential attackers tools to probe your application.
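
The contrast between verbose and production-safe error handling described above, as an added example that is not part of the scanner's documentation or code. The names handleErrorVerbose, buildErrorHandler, install and the sink callback are hypothetical, and the sample error message is constructed.

```javascript
// Added illustration; handleErrorVerbose, buildErrorHandler, install and the
// `sink` callback are hypothetical names, not part of any scanner or library.

// Weak pattern: the raw error (message, stack frames, internal hosts) reaches
// the console of every visitor in production.
function handleErrorVerbose(err, log = console.error) {
  log('Request failed:', err);
}

// Hardened pattern: full detail goes to a reporting sink (for example a
// server-side collector); the production console gets only a reference.
function buildErrorHandler({ isProduction, sink, log = console.error }) {
  return function handleError(err) {
    // Correlation ID, not a secret: it ties a user report to the stored record.
    const ref = Date.now().toString(36) + Math.random().toString(36).slice(2, 8);
    sink({ ref, name: err.name, message: err.message, stack: err.stack });
    if (isProduction) {
      log(`Something went wrong (ref ${ref}).`);
    } else {
      log(err); // full detail is acceptable on a developer machine
    }
    return ref;
  };
}

// Browser wiring: route uncaught errors and unhandled promise rejections
// through the handler and suppress the browser's default console report.
function install(handler, target = globalThis) {
  if (typeof target.addEventListener !== 'function') return false;
  target.addEventListener('error', (event) => {
    handler(event.error || new Error(event.message));
    event.preventDefault();
  });
  target.addEventListener('unhandledrejection', (event) => {
    const reason = event.reason;
    handler(reason instanceof Error ? reason : new Error(String(reason)));
    event.preventDefault();
  });
  return true;
}

// Constructed sample run: the console line carries no host, port or stack.
const demoStored = [];
const demoHandle = buildErrorHandler({ isProduction: true, sink: (r) => demoStored.push(r) });
demoHandle(new Error('connect ECONNREFUSED 10.0.3.17:5432'));
```

In a page, call install(handler) once at startup with isProduction taken from the build configuration, and point sink at whatever error collector the application already uses.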

Configuration

Example

Example configuration:

---
security_tests:
  console_error:
    assets_allowed:
    - WEBAPP
    skip: false

Reference

assets_allowed

Type : List[AssetType]*

List of assets that this check will cover.

skip

Type : boolean

Skip the test if true.