Description

This secure (https) page contains a form that is posting to an insecure (http) page. This could confuse users who may think their data is encrypted when in fact it's not.

Remediation

The form target should point to a secure (https) page.

References

OWASP - Transport Layer Protection Cheat Sheet

CWE-319: Cleartext Transmission of Sensitive Information

Related Vulnerabilities

Stack Trace Disclosure (ColdFusion)

Apache Axis2 xsd local file inclusion

SVN Detected

WordPress Plugin WP-RecentComments Information Disclosure (2.2.7)

Bitrix server test script publicly accessible

Severity

Low

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure Sensitive Data Not Over Ssl