Based on more than a year of data, this is the industry’s only report focused solely on previously unknown vulnerabilities on publicly facing websites. The report shows that nine out of ten websites have serious vulnerabilities that make them targets for malicious online attacks. Cross-site Scripting (XSS) remains the top vulnerability class, appearing in approximately three quarters of websites, while Information Leakage is the top vulnerability class of the overall population.