The issue of cross-scripting
Remote code execution
Lack of data encryption
Shortage of transport layer protection
Coming to the communication model for web apps is stateless, which indicates that the HTTP connection is independent of the earlier connections. What it indicates is that the session data can be passed from one page to another, which forces developers to occupy cookies along with the transport layer to save information. Platforms like appsealing are going to guide you about the same. The cookies can be intercepted and it is modified by malicious actors, as they are rated to be secure and ignored in the form of transport protection.
Authentication practices lack of it
There is a lack of software testing before it reaches the market
In any software, there are bound to be bugs or issues that are likely to spring up. They may be annoying but rarely do they pose a threat to your personal information and security. But this is not the truth with other forms of software that include open-source programs like Java Script. Most of the programs have a rigorous type of testing, the others are not going to obtain an effective test regime till you go on to release it to the public. By that point of time you would be vulnerable to an attack as anyone would be looking to strike at that juncture.