Session Fixation
Unvalidated Redirects and Forwards
Sensitive Data Exposure
Unvalidated Redirects and Forwards
Sensitive Information Leak to third-parties
Remote Code Execution (RCE)
Weak Password Reset Implementation
Cross-site Scripting (XSS) - DOM
Information Exposure
Sensitive Directory/File Contents Disclosed