
staging.acme-payments.example.com

Created: 04.25.2026
Status: Completed
Team:

Findings by severity: 1 Critical, 2 High, 3 Medium, 2 Low

Assessment Timeline

Severity   Title                                                      ID                Status
Critical   Authentication bypass via JWT none-algorithm acceptance    AIS-DEMO-BBX-001  Open
High       Stored XSS in customer notes (admin view)                  AIS-DEMO-BBX-002  Open
High       IDOR on order export — cross-tenant read                   AIS-DEMO-BBX-003  Open
Medium     Open redirect on post-login URL parameter                  AIS-DEMO-BBX-004  Open
Medium     Sensitive endpoint reachable without authentication        AIS-DEMO-BBX-005  Open
Medium     Missing rate limit on login endpoint                       AIS-DEMO-BBX-006  Open
Low        Verbose 500 errors leak Django stack traces                AIS-DEMO-BBX-007  Open
Low        Cookie set without `HttpOnly` / `Secure` flags             AIS-DEMO-BBX-008  Open
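To illustrate the defect class behind AIS-DEMO-BBX-001, the following is an added example and not code from the assessed application or from the assessment tool. It implements a minimal HS256 JWT verifier two ways: a vulnerable verifier that honours the `alg` value carried in the token's own header and therefore accepts an unsigned `alg: none` token, and a hardened verifier that pins the algorithm server-side and rejects anything else. The secret, the payloads and all function names are constructed for the demonstration; it uses only the Python standard library.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed demo signing key; not a value from the assessment.
SECRET = b"constructed-demo-secret"


def _b64url_encode(data: bytes) -> str:
    """Base64url without padding, as JWT requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    """Inverse of _b64url_encode; restores padding before decoding."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _segment(obj: dict) -> str:
    return _b64url_encode(json.dumps(obj, separators=(",", ":")).encode())


def sign_hs256(payload: dict, key: bytes) -> str:
    """Issue a legitimately signed HS256 token (server side)."""
    signing_input = f"{_segment({'alg': 'HS256', 'typ': 'JWT'})}.{_segment(payload)}"
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url_encode(sig)}"


def forge_none_token(payload: dict) -> str:
    """Attacker side: claim alg=none and send an empty signature segment."""
    return f"{_segment({'alg': 'none', 'typ': 'JWT'})}.{_segment(payload)}."


def verify_vulnerable(token: str, key: bytes) -> Optional[dict]:
    """Trusts the alg named by the token. This is the bug in the finding:
    an attacker who sets alg=none gets their unsigned payload accepted."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(_b64url_decode(header_b64))
    alg = str(header.get("alg", "")).lower()
    if alg == "none":
        return json.loads(_b64url_decode(payload_b64))
    if alg == "hs256":
        expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
        if hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return json.loads(_b64url_decode(payload_b64))
    return None


def verify_hardened(token: str, key: bytes) -> Optional[dict]:
    """Pins the algorithm server-side: the header must say exactly HS256,
    the signature must be present, and it must match under our key.
    Nothing in the token is allowed to choose how it is verified."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        signature = _b64url_decode(sig_b64)
    except ValueError:
        return None
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None
    if len(signature) != hashlib.sha256().digest_size:
        return None
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        return None
    try:
        return json.loads(_b64url_decode(payload_b64))
    except ValueError:
        return None


if __name__ == "__main__":
    forged = forge_none_token({"sub": "attacker", "role": "admin"})
    print("vulnerable accepts forged token:", verify_vulnerable(forged, SECRET))
    print("hardened accepts forged token:", verify_hardened(forged, SECRET))
```

The same server-side pinning applies when a library does the parsing: pass the single permitted algorithm explicitly to the verification call rather than letting the library infer it from the header, and treat `none` as never acceptable for a bearer credential.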
DEMO