Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Insecure transition from HTTPS to HTTP in form post - Vulnerability Database

Insecure transition from HTTPS to HTTP in form post

Description

This secure (https) page contains a form that is posting to an insecure (http) page. This could confuse users who may think their data is encrypted when in fact it's not.

Remediation

The form target should point to a secure (https) page.

References

OWASP - Transport Layer Protection Cheat Sheet
CWE-319: Cleartext Transmission of Sensitive Information

Related Vulnerabilities

Insecure transition from HTTP to HTTPS in form post Medium
Common tags: Information Disclosure Sensitive Data Not Over SSL
Trace.axd Detected High
Common tags: Information Disclosure
WordPress Plugin Google Doc Embedder Arbitrary File Disclosure (2.4.6) High
Common tags: Information Disclosure
WordPress Plugin Slideshow Multiple Cross-Site Scripting and Information Disclosure Vulnerabilities (2.1.12) High
Common tags: Information Disclosure
WordPress Plugin Social Discussions Remote File Include and Information Disclosure Vulnerabilities (6.1.1) High
Common tags: Information Disclosure

Severity

Low

Classification

CWE-200
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure
Sensitive Data Not Over SSL