Polished list of vulnerabilities on "README"

jtsimoes · web-flow · commit 1295031fd753 · 2021-11-11T13:21:07.000Z
diff --git a/README.md b/README.md
@@ -4,7 +4,7 @@
 
 Departamento de Electrónica, Telecomunicações e Informática - Universidade de Aveiro
 
-**Professor:** João Paulo Barraca
+**Teacher:** João Paulo Barraca
 
 ## Table of contents:
 1. [About](#about)
@@ -37,18 +37,19 @@ The web server will, then, be running on localhost:80.
 
 ### Vulnerabilities
 
-- [x] [CWE-79](https://cwe.mitre.org/data/definitions/79.html) - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
-- [x] [CWE-89](https://cwe.mitre.org/data/definitions/89.html) - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
-- [x] [CWE-200](https://cwe.mitre.org/data/definitions/200.html) - Exposure of Sensitive Information to an Unauthorized Actor
-- [x] [CWE-256](https://cwe.mitre.org/data/definitions/256.html) - Plaintext Storage of a Password & [CWE-311](https://cwe.mitre.org/data/definitions/311.html) - Missing Encryption of Sensitive Data & [CWE-522](https://cwe.mitre.org/data/definitions/522.html) - Insufficiently Protected Credentials
-- [x] [CWE-306](https://cwe.mitre.org/data/definitions/306.html) - Missing Authentication for Critical Function
-- [x] [CWE-434](https://cwe.mitre.org/data/definitions/434.html) - Unrestricted Upload of File with Dangerous Type
-- [x] [CWE-451](https://cwe.mitre.org/data/definitions/451.html) - User Interface (UI) Misrepresentation of Critical Information
-- [x] [CWE-532](https://cwe.mitre.org/data/definitions/532.html) - Insertion of Sensitive Information into Log File
-- [x] [CWE-549](https://cwe.mitre.org/data/definitions/549.html) - Missing Password Field Masking
-- [x] [CWE-552](https://cwe.mitre.org/data/definitions/552.html) - Files or Directories Accessible to External Parties
-- [x] [CWE-799](https://cwe.mitre.org/data/definitions/799.html) - Improper Control of Interaction Frequency
-- [x] [CWE-862](https://cwe.mitre.org/data/definitions/862.html) - Missing Authorization
+- [CWE-79](https://cwe.mitre.org/data/definitions/79.html) - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
+- [CWE-89](https://cwe.mitre.org/data/definitions/89.html) - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
+- [CWE-200](https://cwe.mitre.org/data/definitions/200.html) - Exposure of Sensitive Information to an Unauthorized Actor
+- [CWE-256](https://cwe.mitre.org/data/definitions/256.html) - Plaintext Storage of a Password & [CWE-311](https://cwe.mitre.org/data/definitions/311.html) - Missing Encryption of Sensitive Data
+- [CWE-306](https://cwe.mitre.org/data/definitions/306.html) - Missing Authentication for Critical Function
+- [CWE-425](https://cwe.mitre.org/data/definitions/425.html) - Direct Request ('Forced Browsing') & [CWE-288](https://cwe.mitre.org/data/definitions/288.html) - Authentication Bypass Using an Alternate Path or Channel
+- [CWE-434](https://cwe.mitre.org/data/definitions/434.html) - Unrestricted Upload of File with Dangerous Type & [CWE-20](https://cwe.mitre.org/data/definitions/20.html) - Improper Input Validation
+- [CWE-472](https://cwe.mitre.org/data/definitions/472.html) - External Control of Assumed-Immutable Web Parameter
+- [CWE-532](https://cwe.mitre.org/data/definitions/532.html) - Insertion of Sensitive Information into Log File
+- [CWE-549](https://cwe.mitre.org/data/definitions/549.html) - Missing Password Field Masking
+- [CWE-552](https://cwe.mitre.org/data/definitions/552.html) - Files or Directories Accessible to External Parties
+- [CWE-799](https://cwe.mitre.org/data/definitions/799.html) - Improper Control of Interaction Frequency & [CWE-307](https://cwe.mitre.org/data/definitions/307.html) - Improper Restriction of Excessive Authentication Attempts
+- [CWE-862](https://cwe.mitre.org/data/definitions/862.html) - Missing Authorization & [CWE-522](https://cwe.mitre.org/data/definitions/522.html) - Insufficiently Protected Credentials
 
 ### Authors
 
