acme-payments.example.com

Created: 04.22.2026

Status: Completed

Team

1 Crit, 3 High, 4 Med, 3 Low

Assessment Timeline

| Severity | Title | ID | Status |
|----------|-------|----|--------|
| Critical | Hard-coded service-account secret in repository | AIS-DEMO-WBX-001 | Open |
| High | SQL injection via raw query in admin search | AIS-DEMO-WBX-002 | Open |
| High | Server-side request forgery in webhook delivery | AIS-DEMO-WBX-003 | Open |
| High | Missing authorisation on order export endpoint | AIS-DEMO-WBX-004 | Open |
| Medium | Insecure JWT signing key derived from env defaults | AIS-DEMO-WBX-005 | Open |
| Medium | XSS via unescaped customer notes in admin UI | AIS-DEMO-WBX-006 | Open |
| Medium | Cryptographic operation uses MD5 for password reset tokens | AIS-DEMO-WBX-007 | Open |
| Medium | Misconfigured CORS allows any origin with credentials | AIS-DEMO-WBX-008 | Open |
| Low | Verbose error responses leak stack traces in production | AIS-DEMO-WBX-009 | Open |
| Low | Secrets logged in payment retry handler | AIS-DEMO-WBX-010 | Open |
| Low | Missing rate limit on password reset request endpoint | AIS-DEMO-WBX-011 | Open |
| Info | Repository contains stale test fixtures with real customer data | AIS-DEMO-WBX-012 | Open |
DEMO