Description

This secure (https) page contains a form that is posting to an insecure (http) page. This could confuse users who may think their data is encrypted when in fact it's not.

Remediation

The form target should point to a secure (https) page.

References

OWASP - Transport Layer Protection Cheat Sheet

CWE-319: Cleartext Transmission of Sensitive Information

Related Vulnerabilities

Stack Trace Disclosure (NodeJS)

YOURLS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3824)

F5 BIG-IP Cookie Information Disclosure

WordPress Plugin Quiz and Survey Master (QSM)-Easy Quiz and Survey Maker Multiple Vulnerabilities (7.3.10)

WordPress Plugin Contact Form 7 Database Information Disclosure (1.3)

Severity

Low

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure Sensitive Data Not Over Ssl