Infographic: Web Vulnerabilities in Q2 2022

edb report infographic thumbnail

The overall number of web vulnerabilities during the second quarter of 2022 decreased significantly from previous quarters. Yet, SQL injection and cross-site scripting make up over half of all new web vulnerabilities.

See how WAPPLES protect against zero-day and known application vulnerabilities.


2022 Q2 EDB Report Infographic


(Accessibility version below)

Penta Security’s Security Evaluations Team and Cloudbric’s Security Technology Team observed 33 cases of web application vulnerabilities between April and June 2022. A total of 7 cases were observed in April, followed by 14 in May, and 12 in June. SQL injection and cross-site scripting make up over half of all web vulnerabilities disclosed during this period.

Below is a breakdown of their CVSS scores:

  • The proportion of high-severity vulnerabilities increased from 14.29% in April to 21.43% in May, then decreased to 8.33% in June.
  • The proportion of medium-severity vulnerabilities decreased from 85.71% in April to 71.43% in May and 41.67% in June.
  • The proportion of low-severity vulnerabilities increased from 0 to 50% during the same period.

Top 5 Web Vulnerabilities Trend:

  1. SQL Injection – An injection of malicious SQL queries via the input data from the client to the web application server.
  2. Cross-Site Scripting – A type of injection where malicious scripts are injected into benign websites to target their users.
  3. Remote Code Execution – An attack that allows the remote execution of commands on the victim’s computer, usually through the installation of malware.
  4. Others
  5. File Inclusion