Security Audit Report

SECURITY-AUDIT-2026-04-25.pdf

3 findingsScanned Apr 25, 2026

suastore.com

App Router

3High

Attack Surface

Routes

Query Params

Custom Headers

GET

/account

GET

/account/notifications

UNKNOWN

/api

POST

/api/auth/password/request-code

POST

/api/auth/password/verify

POST

/api/auth/register/request-code

POST

/api/auth/register/verify

UNKNOWN

/api/auth/signin

POST

/api/notifications/clear

POST

/api/notifications/mark-read

POST

/api/notifications/mark-seen

GET

/api/notifications/me

?limit

POST

/api/notifications/push/subscribe

POST

/api/store-visit

GET

/cart

GET

/catalog

?promo

GET

/checkout

GET

/favorites

GET

/manifest.webmanifest

GET

/orders

GET

/portal/forgot

GET

/portal/login

GET

/portal/signup

GET

/reviews

manager_key

Security Findings

3 findings redacted

HIGH

Cross-site scripting vulnerability

User input rendered without proper sanitization.

#1 of 3

HIGH

SQL injection risk detected

Database queries constructed using unsanitized user input.

#2 of 3

HIGH

Insecure deserialization

Untrusted data deserialized without validation.

#3 of 3

Other Recent Reports

View all security reports →

suastore.com

Attack Surface

Routes (24)

Custom Headers (1)

Security Findings

Cross-site scripting vulnerability

SQL injection risk detected

Insecure deserialization