Infographic: Web Vulnerabilities in Q3 2022

edb report infographic cover

The overall number of web vulnerabilities during the third quarter of 2022 remains relatively low, with cross-site scripting and remote code execution making up over two-thirds of all new web vulnerabilities.

See how WAPPLES protect against zero-day and known application vulnerabilities.


2022 Q3 EDB Report Infographic


(Accessibility version below)

Penta Security’s Security Evaluations Team and Cloudbric’s Security Technology Team observed 23 cases of web application vulnerabilities between July and September 2022. A total of 6 cases were observed in July, followed by 9 in August, and 8 in September. Cross-site scripting and remote code execution make up over two-thirds of all web vulnerabilities disclosed during this period.

Below is a breakdown of their CVSS scores:

  • The proportion of high-severity vulnerabilities increased from 0 in July and August to 12.5% in September.
  • The proportion of medium-severity vulnerabilities decreased from 66.67% in July to 33.33% in August, then to 37.5% in September.
  • The proportion of low-severity vulnerabilities ranged between 33.33% and 66.67% during the same period.

Top 5 Web Vulnerabilities Trend:

  1. Cross-Site Scripting – A type of injection where malicious scripts are injected into benign websites to target their users.
  2. Remote Code Execution – An attack that allows the remote execution of commands on the victim’s computer, usually through the installation of malware.
  3. SQL Injection – An injection of malicious SQL queries via the input data from the client to the web application server.
  4. Others
  5. File Inclusion