SiteShadow
Back to vulnerability library
Detected byCWE-aware static analysisPro

CWE-525 Information Exposure Through the Browser

Coverage: 5 rules in the SiteShadow rule registry target this CWE (registry v2.0.0). Regex 5 Also: Taint and heuristic analyzers may also detect related flows (see coverage for the authoritative list) Registry tagging shows intent, for sample-level behaviour and benchmarked gaps see known gaps.

What this means

SiteShadow flagged sensitive data being exposed in browser-accessible places (URLs, DOM, caches, client-side storage, referrers) where it can leak to other origins, extensions, shared devices, or support tooling.

Why it matters

Browser-exposed data can leak through history, caches, or UI.

Safer examples

1) Don't put secrets in the browser

Avoid placing tokens/passwords in query strings, DOM attributes, or JS-accessible storage.

2) Use secure cookies and server-side sessions

Prefer HttpOnly cookies and server-side session state where feasible (see S02 / CWE-614).

3) Use cache controls for sensitive pages

Disable caching where appropriate (varies by app and content sensitivity).

How SiteShadow detects it (high level)

References

---

← Back to Vulnerability Library

Catch this with SiteShadow Pro.

This vulnerability class is detected by SiteShadow's Pro-tier engines, two-pass interprocedural taint analysis, heuristic flow checks, AI-context scanning, and cross-file detection. The free tier catches OWASP Top 10 single-file patterns; Pro adds the data-flow depth that finds this class of bug.