Summary

Netsparker identified an Email Address Disclosure.

Impact
Email addresses discovered within the application can be used by both spam email engines and brute-force tools. Furthermore, valid email addresses may lead to social engineering attacks.
Remediation
Use generic email addresses such as contact@ or info@ for general communications and remove user/people-specific email addresses from the website. If contacting specific people through the website is required, use submission forms for this purpose.
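The remediation can be checked against rendered pages before they are published. The following Python sketch is an added example, not Netsparker's code: it finds addresses in page source, including entity-encoded and percent-encoded ones that decode trivially, and separates generic mailboxes from person-specific ones. The allow-list entries beyond contact@ and info@, the asset-extension filter and the sample page are assumptions constructed for illustration.

```python
import html
import re
from urllib.parse import unquote

# contact@ and info@ come from the remediation text; the other entries are
# assumed examples of role mailboxes. Adjust the set to your own policy.
GENERIC_LOCAL_PARTS = {"contact", "info", "support", "sales"}
# Assumed filter: file names such as logo@2x.png look like addresses to a regex.
ASSET_EXTENSIONS = {"png", "jpg", "jpeg", "gif", "svg", "webp", "css", "js"}
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")


def find_emails(page_source):
    """Return lower-cased addresses found in page source, after decoding
    HTML entities (&#64;) and percent-encoding (%40) used in mailto: links."""
    decoded = unquote(html.unescape(page_source))
    found = set()
    for match in EMAIL_RE.finditer(decoded):
        addr = match.group(0).lower()
        if addr.rsplit(".", 1)[1] not in ASSET_EXTENSIONS:
            found.add(addr)
    return found


def audit(page_source):
    """Split found addresses into generic mailboxes and person-specific ones."""
    report = {"generic": [], "personal": []}
    for addr in sorted(find_emails(page_source)):
        local_part = addr.split("@", 1)[0]
        kind = "generic" if local_part in GENERIC_LOCAL_PARTS else "personal"
        report[kind].append(addr)
    return report


# Constructed sample page (not real scanner output).
SAMPLE_PAGE = """
<footer>
  <a href="mailto:info@example.com">General enquiries</a>
  <a href="mailto:jane.doe%40example.com?subject=Hi">Jane</a>
  <span>j.smith&#64;example.com</span>
  <img src="/static/logo@2x.png">
  <!-- TODO: ask bob@example.com about the redesign -->
</footer>
"""

if __name__ == "__main__":
    result = audit(SAMPLE_PAGE)
    for addr in result["personal"]:
        print("person-specific address exposed:", addr)
```

Run over the HTML a build or staging deployment actually serves, a non-empty `personal` list can fail the release check; HTML comments are included because they are delivered to every visitor.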
Classifications
CAPEC-118, CWE-200, ISO27001-A.9.4.1, WASC-13, OWASP PC-C7, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N