Scala : Hidden HTML field

Classification

HIPAA

§164.312 (e)(1)

CWE

CWE-472

Overview

The application uses a hidden field.

The developer could assume that users would not see the hidden field and would not be able to manipulate the data transferred through it. It is not so: attackers can transfer data, including malicious data, to hidden fields.

A hidden field must not be used to transfer valuable information. Its contents are cached by the browser, which can lead to data confidentiality loss.

References

CWE-472: External Control of Assumed-Immutable Web Parameter
OWASP Top 10 2013-A6-Sensitive Data Exposure

LOW

Scala : Hidden HTML field

Classification

Overview

References

DerScanner Severity Score

Do you want to fix Scala : Hidden HTML field in your application?

See also

Scala : Unreleased resource stream

Scala : Multiple loggers in same class

Scala : Insufficient encryption key length