Infographic: Web Vulnerabilities in Q2 2022
The overall number of web vulnerabilities during the second quarter of 2022 decreased significantly from previous quarters. Yet, SQL injection and cross-site scripting make up over half of all new web vulnerabilities.
See how WAPPLES protects against zero-day and known application vulnerabilities.
(Accessibility version below)
Penta Security’s Security Evaluations Team and Cloudbric’s Security Technology Team observed 33 cases of web application vulnerabilities between April and June 2022. A total of 7 cases were observed in April, followed by 14 in May, and 12 in June. SQL injection and cross-site scripting make up over half of all web vulnerabilities disclosed during this period.
Below is a breakdown of their CVSS scores:
- The proportion of high-severity vulnerabilities increased from 14.29% in April to 21.43% in May, then decreased to 8.33% in June.
- The proportion of medium-severity vulnerabilities decreased from 85.71% in April to 71.43% in May and 41.67% in June.
- The proportion of low-severity vulnerabilities increased from 0% to 50% during the same period.
Top 5 Web Vulnerabilities Trend:
- SQL Injection – The injection of malicious SQL queries through input data sent from the client to the web application server.
- Cross-Site Scripting – A type of injection where malicious scripts are injected into benign websites to target their users.
- Remote Code Execution – An attack that allows the remote execution of commands on the victim’s computer, usually through the installation of malware.
- File Inclusion