Description

This form is served from an insecure page (http) page. This page could be hijacked using a Man-in-the-middle attack and an attacker can replace the form target.

Remediation

The form should be served from a secure (https) page.

Related Vulnerabilities

Apache Solr endpoint

.htaccess file readable

Drupal Backup Migrate directory publicly accessible

WordPress Plugin WP SlackSync Information Disclosure (1.8.5)

WordPress Plugin MapSVG Lite Arbitrary File Disclosure (4.2.3.1)

Severity

Medium

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Information Disclosure