We encourage the coordinated disclosure of the following eligible web application vulnerabilities:
- Authentication/Authorization
- Cross-site scripting (XSS)
- Cryptography
- Cross-site request forgery (CSRF) in a privileged context
- HTTP response splitting
- Injection vulnerabilities
- Information leakage
- URL redirector abuse
Others, including:
- Server-side code execution/remote code execution
- XML attacks
- Directory traversal
- Significant security misconfiguration