Bugsy

DEMO
Back to Marketing
DU

Demo User

demo@acmebank.com

Back to Projects

Customer Portal Frontend

React-based customer dashboard for account management and transactions

Project Details

Repository
github.com/acmebank/customer-portal
Framework
React
Languages
TypeScriptCSS
Last Scan
4/16/2024
completed

Security Findings

2
Critical
3
High
8
Medium
4
Low
17
Total Findings

Security Findings (17 of 17)

SQL Injection vulnerability in payment validation

Security vulnerability found in src/api/payments.py. This is a critical issue that requires immediate attention.

critical
src/api/payments.py:160
CWE-89
86% confidence
Recommendation: Immediately patch this vulnerability by following security best practices.

Hardcoded API key in configuration

Security vulnerability found in config/settings.py. This is a critical issue that requires immediate attention.

critical
config/settings.py:135
CWE-798
83% confidence
Recommendation: Immediately patch this vulnerability by following security best practices.

Missing input validation on amount field

Security vulnerability found in src/api/transactions.py. This is a high-priority security concern.

high
src/api/transactions.py:280
CWE-20
97% confidence
Recommendation: Prioritize fixing this vulnerability by following security best practices.

Cross-site scripting (XSS) in user profile

Security vulnerability found in src/components/Profile.jsx. This is a high-priority security concern.

high
src/components/Profile.jsx:144
CWE-79
72% confidence
Recommendation: Prioritize fixing this vulnerability by following security best practices.

Insecure direct object reference

Security vulnerability found in src/api/accounts.py. This is a high-priority security concern.

high
src/api/accounts.py:337
CWE-639
81% confidence
Recommendation: Prioritize fixing this vulnerability by following security best practices.

Weak password requirements

Security vulnerability found in src/auth/validators.py. This issue should be addressed in the next development cycle.

medium
src/auth/validators.py:219
CWE-521
91% confidence
Recommendation: Schedule remediation for this vulnerability by following security best practices.

Missing CSRF protection

Security vulnerability found in src/middleware/csrf.py. This issue should be addressed in the next development cycle.

medium
src/middleware/csrf.py:484
CWE-352
96% confidence
Recommendation: Schedule remediation for this vulnerability by following security best practices.

Information disclosure in error messages

Security vulnerability found in src/utils/errors.py. This issue should be addressed in the next development cycle.

medium
src/utils/errors.py:415
CWE-209
83% confidence
Recommendation: Schedule remediation for this vulnerability by following security best practices.

Race condition in transaction processing

Security vulnerability found in src/api/transactions.py. This issue should be addressed in the next development cycle.

medium
src/api/transactions.py:441
CWE-362
75% confidence
Recommendation: Schedule remediation for this vulnerability by following security best practices.

Buffer overflow in data parsing

Security vulnerability found in src/parsers/xml.c. This issue should be addressed in the next development cycle.

medium
src/parsers/xml.c:267
CWE-120
75% confidence
Recommendation: Schedule remediation for this vulnerability by following security best practices.

Improper authentication handling

Security vulnerability found in src/auth/middleware.py. This issue should be addressed in the next development cycle.

medium
src/auth/middleware.py:342
CWE-287
73% confidence
Recommendation: Schedule remediation for this vulnerability by following security best practices.

Path traversal vulnerability

Security vulnerability found in src/api/files.py. This issue should be addressed in the next development cycle.

medium
src/api/files.py:139
CWE-22
91% confidence
Recommendation: Schedule remediation for this vulnerability by following security best practices.

Unvalidated redirect and forward

Security vulnerability found in src/controllers/redirect.py. This issue should be addressed in the next development cycle.

medium
src/controllers/redirect.py:36
CWE-601
74% confidence
Recommendation: Schedule remediation for this vulnerability by following security best practices.

Insufficient session expiration

Security vulnerability found in src/auth/sessions.py. This is a low-priority issue that can be addressed when convenient.

low
src/auth/sessions.py:472
CWE-613
77% confidence
Recommendation: Consider addressing this vulnerability by following security best practices.

Missing encryption of sensitive data

Security vulnerability found in src/models/user.py. This is a low-priority issue that can be addressed when convenient.

low
src/models/user.py:348
CWE-311
73% confidence
Recommendation: Consider addressing this vulnerability by following security best practices.

Command injection in file processing

Security vulnerability found in src/utils/fileops.py. This is a low-priority issue that can be addressed when convenient.

low
src/utils/fileops.py:66
CWE-78
86% confidence
Recommendation: Consider addressing this vulnerability by following security best practices.

Improper access control

Security vulnerability found in src/api/admin.py. This is a low-priority issue that can be addressed when convenient.

low
src/api/admin.py:95
CWE-285
83% confidence
Recommendation: Consider addressing this vulnerability by following security best practices.