CWE-525 Information Exposure Through the Browser
Coverage: 5 rules in the SiteShadow rule registry target this CWE (registry v2.0.0). Regex 5 Also: Taint and heuristic analyzers may also detect related flows (see coverage for the authoritative list) Registry tagging shows intent, for sample-level behaviour and benchmarked gaps see known gaps.
What this means
SiteShadow flagged sensitive data being exposed in browser-accessible places (URLs, DOM, caches, client-side storage, referrers) where it can leak to other origins, extensions, shared devices, or support tooling.
Why it matters
Browser-exposed data can leak through history, caches, or UI.
- Token leakage via URLs/referrers (see
CWE-598). - Shared-device exposure if sensitive data is cached or persisted.
- XSS amplification: if sensitive data is in the DOM/storage, XSS can exfiltrate it.
Safer examples
1) Don't put secrets in the browser
Avoid placing tokens/passwords in query strings, DOM attributes, or JS-accessible storage.
2) Use secure cookies and server-side sessions
Prefer HttpOnly cookies and server-side session state where feasible (see S02 / CWE-614).
3) Use cache controls for sensitive pages
Disable caching where appropriate (varies by app and content sensitivity).
How SiteShadow detects it (high level)
- Flags sensitive values in URL construction, client-side storage, and HTML/DOM sinks.
- Uses heuristics for token/credential/PII-like keys in browser contexts.
References
- CWE-525: https://cwe.mitre.org/data/definitions/525.html
---
← Back to Vulnerability Library
Catch this with SiteShadow Pro.
This vulnerability class is detected by SiteShadow's Pro-tier engines, two-pass interprocedural taint analysis, heuristic flow checks, AI-context scanning, and cross-file detection. The free tier catches OWASP Top 10 single-file patterns; Pro adds the data-flow depth that finds this class of bug.