Web & Mobile

This is a vulnerability classification table for web & mobile applications (v2.0)

We use the Common Vulnerability Scoring System to assess the severity of your vulnerability.


  • Payments manipulation

  • SQLi

  • Remote code execution (RCE)

  • Business logic issues that can cause a loss of user funds/assets

  • Command Injection


  • Subdomain takeover (on linked to wallets domain)

  • Stored XSS

  • Server-Side Request Forgery (SSRF)

  • Leakage of sensitive user information (greater than 15%)

  • File Inclusion


  • Reflected XSS

  • Subdomain takeover

  • 2FA Bypass

  • Leakage of sensitive user information (3% -15%)

  • Cross-Site Request Forgery (CSRF)


  • HTML injection

  • No Rate Limiting on Form

  • Content Spoofing

  • Broken Link Hijacking

Last updated