Java : Hidden HTML field

Classification

HIPAA

§164.312 (e)(1)

CWE

CWE-472

Overview

The application uses a hidden field.

The developer could assume that users would not see the hidden field and would not be able to manipulate the data transferred through it. It is not so: attackers can transfer data, including malicious data, to hidden fields.

A hidden field must not be used to transfer valuable information. Its contents are cached by the browser, which can lead to data confidentiality loss.

References

CWE-472: External Control of Assumed-Immutable Web Parameter
OWASP Top 10 2013-A6-Sensitive Data Exposure

LOW

Java : Hidden HTML field

Classification

Overview

References

DerScanner Severity Score

Do you want to fix Java : Hidden HTML field in your application?

See also

Java : Race condition

Java : Text4Shell Vulnerability

Java : JNI usage