Insecure direct object reference
Application/Business Logic
Auth issues
Info leak
Open Redirect
Reflective XSS
Authorisation Issue
Stored XSS