Multiple HREFs Redirect Detected (Potential Sensitive Information Leak)
- Risk:
Low
- Type:
- Passive
- CWE:
- CWE-201
- Summary
The server has responded with a redirect that seems to contain multiple links. This may indicate that although the server sent a redirect it also responded with body content links (which may include sensitive details, PII, lead to admin panels, etc.).
- Solution
Ensure that no sensitive information is leaked via redirect responses. Redirect responses should have almost no content.
- Other info
- The response contained 3 occurrences of "HREF".
Microsoft Outlook stops displaying inline SVG images used in attacks
HackerOne paid $81 million in bug bounties over the past year
Brave browser surpasses the 100 million active monthly users mark
Confucius Hackers Hit Pakistan With New WooperStealer and Anondoor Malware
Microsoft Defender bug triggers erroneous BIOS update alerts
Alert: Malicious PyPI Package soopsocks Infects 2,653 Systems Before Takedown
Automating Pentest Delivery: 7 Key Workflows for Maximum Impact
ThreatsDay Bulletin: CarPlay Exploit, BYOVD Tactics, SQL C2 Attacks, iCloud Backdoor Demand & More
Google Mandiant Probes New Oracle Extortion Wave Possibly Linked to Cl0p Ransomware
CVE-2025-4008 Smartbedded Meteobridge Command Injection Vulnerability
CVE-2025-21043 Samsung Mobile Devices Out-of-Bounds Write Vulnerability
CVE-2015-7755 Juniper ScreenOS Improper Authentication Vulnerability
CVE-2017-1000353 Jenkins Remote Code Execution Vulnerability
CVE-2021-21311 Adminer Server-Side Request Forgery Vulnerability
CVE-2025-10035 Fortra GoAnywhere MFT Deserialization of Untrusted Data Vulnerability
CVE-2025-59689 Libraesva Email Security Gateway Command Injection Vulnerability
CVE-2025-32463 Sudo Inclusion of Functionality from Untrusted Control Sphere Vulnerability
InformationalNon-Storable Content
CWE-1434 Insecure Setting of Generative AI/ML Model Inference Parameters
CWE-359 Exposure of Private Personal Information to an Unauthorized Actor
HighCWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CWE-1431 Driving Intermediate Cryptographic State/Results to Hardware Module Outputs
CWE-1429 Missing Security-Relevant Feedback for Unexecuted Operations in Hardware Interface
Free online web security scanner