Title: Quantifying Vulnerabilities: A Systematic Review of the State-of-the-Art Web-Based Systems

Authors: Masue, W. G.; Ngondya, D.; Kondo, T. S.

Dates: 2024-08-30; 2024

Citation: Masue, W. G., Ngondya, D., & Kondo, T. S. (2024). Quantifying Vulnerabilities: A Systematic Review of the State-of-the-Art Web-Based Systems. Journal of ICT Systems, 2(1), 72-86.

URL: https://jicts.udsm.ac.tz/index.php/udsm/article/view/51

Repository handle: https://repository.udom.ac.tz/handle/20.500.12661/4918

Full-text. Available at https://jicts.udsm.ac.tz/index.php/udsm/article/view/51.

Abstract: Web-based Systems Vulnerabilities (WSVs) have existed for a long time in all Open System Interconnection (OSI) layers. WSVs tend to affect online business operations by allowing attackers to gain unauthorized access. Different researchers have been publishing common WSVs regularly. From the published vulnerabilities, it can be noted that the ranking of vulnerabilities is not static. Prevalence of common vulnerabilities tends to vary with time. Moreover, rankings of vulnerabilities from various practitioners, such as OWASP and CWE, at a particular point in time tend to be different because of different approaches and sources. This work sought to come up with an objective way of establishing the latest ranking of common WSVs by conducting a Systematic Literature Review from scholarly sources. This study extracted 127 publications from Scholarly Databases: Association of Computing Machineries, ScienceDirect, Springer, IEEE, and Google Scholar. After the review, only 62 articles were considered based on five inclusion and exclusion criteria. The review reveals that cross-site scripting, structured query language injection, broken authentication and session management, operating system command injection and file inclusion are the most common WSVs.

Language: en

Keywords: Common Web Vulnerabilities; Cyber Security; Systematic Literature Review Web; Vulnerability Ranking

Type: Article

DOI: 10.56279/jicts.v2i1.51