| Vulnerabilities | Severity |
|---|---|
| 1) Cross Site Scripting | HIGH |
| 2) File Upload Vulnerability | HIGH |
| 3) Directory Listing Vulnerability | HIGH |
| 4) Unencrypted Login Pages | HIGH |
| 5) Session Hijacking | HIGH |
| 6) Cross Site Request Forgery (CSRF) | HIGH |
| 7) Weak Captcha Implementation | MEDIUM |
| 8) Cross Frame Scripting (XFS) | MEDIUM |
| 9) Internal Error Handling | MEDIUM |
| 10) Cookies are not marked as HttpOnly | LOW |
Recommendations
• Random tokens should be used on all critical operations.
• Ensure good and secure session management practices are followed.
• Configure the application to disable any kind of browsable directories.
• Coding flaws and configuration flaws should be remediated immediately.
• Special characters should be filtered by the web application to prevent SQL injection and cross site scripting.
• Username and password forms should be encrypted and HTTPS should be used.
• Make sure the web server and application server are configured in a secure way.
• Ensure that none of the error messages of response pages disclose any kind of information about the underlying systems.
• Secure coding methodologies should be followed to eliminate discrepancies and prevent disclosure of information.
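The following Python example shows how three of the recommendations above fit together in an application's session layer: random per-session tokens checked on every state-changing request (the CSRF finding), a session cookie issued with the HttpOnly, Secure and SameSite flags (the session hijacking and HttpOnly findings), and error responses that hand the client only an opaque reference while the detail is logged server-side (the internal error handling finding). This is an added illustration, not code from the report or from the assessed application; the in-memory session store, the cookie name `sid` and the function names are assumptions made for the example.

```python
import hmac
import logging
import secrets
import uuid
from http.cookies import SimpleCookie
from typing import Dict, Optional, Tuple

# Constructed in-memory session store for the example: session_id -> session data.
# A real deployment would use a server-side store with expiry (assumption).
SESSIONS: Dict[str, Dict[str, str]] = {}

log = logging.getLogger("app")


def create_session(user: str) -> Tuple[str, str]:
    """Create a server-side session and return (session_id, Set-Cookie header value).

    The session id and the CSRF token are each 256 bits from the OS CSPRNG.
    The cookie is flagged HttpOnly (unreadable by page script), Secure (sent over
    HTTPS only) and SameSite=Strict (not attached to cross-site requests).
    """
    session_id = secrets.token_urlsafe(32)
    SESSIONS[session_id] = {"user": user, "csrf": secrets.token_urlsafe(32)}

    cookie = SimpleCookie()
    cookie["sid"] = session_id
    cookie["sid"]["httponly"] = True
    cookie["sid"]["secure"] = True
    cookie["sid"]["samesite"] = "Strict"
    cookie["sid"]["path"] = "/"
    # output(header="") yields " sid=...; HttpOnly; Path=/; SameSite=Strict; Secure"
    return session_id, cookie.output(header="").strip()


def csrf_token_for(session_id: str) -> str:
    """Return the per-session random token to embed in forms as a hidden field."""
    return SESSIONS[session_id]["csrf"]


def verify_csrf(session_id: str, submitted: Optional[str]) -> bool:
    """Accept a state-changing request only if the submitted token matches the
    session's token. The comparison is constant-time so the check does not leak
    token bytes through timing differences."""
    session = SESSIONS.get(session_id)
    if session is None or not submitted:
        return False
    return hmac.compare_digest(session["csrf"], submitted)


def safe_error_response(exc: Exception) -> Tuple[int, str]:
    """Map an internal exception to a generic client message plus an opaque
    reference id. The exception text and traceback go to the server log only,
    so paths, queries or credentials inside them never reach the response."""
    ref = uuid.uuid4().hex[:12]
    log.error("ref=%s unhandled error: %r", ref, exc, exc_info=exc)
    return 500, f"An internal error occurred. Reference: {ref}"


if __name__ == "__main__":
    sid, set_cookie = create_session("alice")
    print("Set-Cookie:", set_cookie)
    token = csrf_token_for(sid)
    print("form token accepted:", verify_csrf(sid, token))
    print("tampered token accepted:", verify_csrf(sid, token[::-1]))
    # Constructed exception carrying the kind of detail that must not be echoed.
    print(safe_error_response(ValueError("db password=hunter2 in /var/www/app.py")))
```

The server keeps the CSRF token alongside the session rather than in the cookie itself, so a token is only ever valid for the session that issued it; `verify_csrf` is meant to run before any handler that changes state, and a failure should be rejected with the same generic response regardless of whether the session or the token was the problem.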
