Application Error Disclosure via WebSockets
- Risk: Medium
- Type: WebSocket Passive
- CWE: CWE-209
- Summary
This payload contains an error/warning message that may disclose sensitive information like the location of the file that produced the unhandled exception. This information can be used to launch further attacks against the web application.
- Solution
Review the error payloads which are piped directly to WebSockets. Handle the related exceptions. Consider implementing a mechanism to provide a unique error reference/identifier to the client (browser) while logging the details on the server side and not exposing them to the user.
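The following is an added example, not part of the original alert text or of any scanner's code. It contrasts a handler that pipes the exception into the outbound WebSocket frame with one that follows the solution above: log the details server-side and return only a unique error reference. The function names, the logger name, the frame layout and the report path are assumptions made for illustration, and the transport is left out so the code runs without a WebSocket library.

```python
import json
import logging
import traceback
import uuid

log = logging.getLogger("ws.errors")

# Constructed sample path; it does not exist, so open() raises.
REPORT_DIR = "/srv/app-constructed/reports"


def load_report(msg):
    """Hypothetical message handler that fails with a path in the exception."""
    with open(f"{REPORT_DIR}/{int(msg['report'])}.json") as fh:
        return json.load(fh)


def leaky_reply(raw, handler):
    """Weak form: the traceback is piped straight into the outbound frame."""
    try:
        return json.dumps({"ok": True, "result": handler(json.loads(raw))})
    except Exception:
        return json.dumps({"ok": False, "error": traceback.format_exc()})


def safe_reply(raw, handler):
    """Hardened form: returns (frame, error_id); details go to the log only."""
    try:
        return json.dumps({"ok": True, "result": handler(json.loads(raw))}), None
    except Exception:
        error_id = uuid.uuid4().hex
        # log.exception records the full traceback server-side, keyed by error_id.
        log.exception("websocket handler failed error_id=%s", error_id)
        frame = {"ok": False, "error": "internal error", "error_id": error_id}
        return json.dumps(frame), error_id


if __name__ == "__main__":
    raw = json.dumps({"report": 42})  # constructed inbound frame
    print("leaky:", leaky_reply(raw, load_report))
    print("safe: ", safe_reply(raw, load_report)[0])
```

The frame returned by safe_reply is what gets written to the socket; support staff can look up the error_id in the server log to find the full traceback.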