Infographic: Web Vulnerabilities in Q3 2022
The overall number of web vulnerabilities during the third quarter of 2022 remained relatively low, with cross-site scripting and remote code execution making up over two-thirds of all new web vulnerabilities.
See how WAPPLES protects against zero-day and known application vulnerabilities.
(Accessibility version below)
Penta Security’s Security Evaluations Team and Cloudbric’s Security Technology Team observed 23 cases of web application vulnerabilities between July and September 2022. A total of 6 cases were observed in July, followed by 9 in August, and 8 in September. Cross-site scripting and remote code execution make up over two-thirds of all web vulnerabilities disclosed during this period.
Below is a breakdown of their CVSS scores:
- The proportion of high-severity vulnerabilities increased from 0 in July and August to 12.5% in September.
- The proportion of medium-severity vulnerabilities decreased from 66.67% in July to 33.33% in August, then to 37.5% in September.
- The proportion of low-severity vulnerabilities ranged between 33.33% and 66.67% during the same period.
Top 5 Web Vulnerabilities Trend:
- Cross-Site Scripting – A type of injection where malicious scripts are injected into benign websites to target their users.
- Remote Code Execution – An attack that allows the remote execution of commands on the victim’s computer, usually through the installation of malware.
- SQL Injection – An injection of malicious SQL queries via the input data from the client to the web application server.
- Others
- File Inclusion