Description

This secure (https) page contains a form that is posting to an insecure (http) page. This could confuse users who may think their data is encrypted when in fact it's not.

Remediation

The form target should point to a secure (https) page.

References

OWASP - Transport Layer Protection Cheat Sheet

CWE-319: Cleartext Transmission of Sensitive Information

Related Vulnerabilities

Arbitrary local file read via file upload

Pyramid DebugToolbar enabled

Lucee Stacktrace Information Disclosure

PostgreSQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-32028)

WordPress Plugin RocketTheme RokBox Multiple Vulnerabilities (2.13)

Severity

Low

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure Sensitive Data Not Over Ssl