Web Application Vulnerabilities Index

This page lists 144 vulnerabilities categorized as medium severity that can be detected by Invicti.

Select Category
Critical
High
Medium
Low
Best Practice
Information
Select Vulnerability
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Select Vulnerability
Vulnerability Name
Classification
Severity
Out-of-date Version (YOURLS)
Out-of-date Version (YOURLS)
PCI v3.2-6.2
, 
CAPEC-310
, 
CWE-1035
, 
937
, 
HIPAA-164.308(a)(1)(i)
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
Information
Out-of-date Version (YUI)
Out-of-date Version (YUI)
PCI v3.2-6.2
, 
CAPEC-310
, 
CWE-1035
, 
937
, 
HIPAA-164.308(a)(1)(i)
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
Information
Out-of-date Version (Zen Cart)
Out-of-date Version (Zen Cart)
PCI v3.2-6.2
, 
CAPEC-310
, 
CWE-1035
, 
937
, 
HIPAA-164.308(a)(1)(i)
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
Information
Out-of-date Version (ZenPhoto)
Out-of-date Version (ZenPhoto)
PCI v3.2-6.2
, 
CAPEC-310
, 
CWE-1035
, 
937
, 
HIPAA-164.308(a)(1)(i)
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
Information
Out-of-date Version (Zepto.js)
Out-of-date Version (Zepto.js)
PCI v3.2-6.2
, 
CAPEC-310
, 
CWE-1035
, 
937
, 
HIPAA-164.308(a)(1)(i)
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
Information
Out-of-date Version (Zikula)
Out-of-date Version (Zikula)
PCI v3.2-6.2
, 
CAPEC-310
, 
CWE-1035
, 
937
, 
HIPAA-164.308(a)(1)(i)
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
Information
Out-of-date Version (Zope)
Out-of-date Version (Zope)
PCI v3.2-6.2
, 
CAPEC-310
, 
CWE-1035
, 
937
, 
HIPAA-164.308(a)(1)(i)
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
Information
Out-of-date Version (Zurmo)
Out-of-date Version (Zurmo)
PCI v3.2-6.2
, 
CAPEC-310
, 
CWE-1035
, 
937
, 
HIPAA-164.308(a)(1)(i)
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
Information
Overly Long Session Timeout
Overly Long Session Timeout
CWE-16
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
, 
Medium
ownCloud Detected
ownCloud Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Palo Alto PAN-OS Management Interface Auth Bypass (CVE-2024-0012/CVE-2024-9474)
Palo Alto PAN-OS Management Interface Auth Bypass (CVE-2024-0012/CVE-2024-9474)
CWE-CWE-306
, 
Critical
PAN-OS GlobalProtect XSS (CVE-2025-0133)
PAN-OS GlobalProtect XSS (CVE-2025-0133)
CWE-CWE-79
, 
Medium
PAN-OS Management Interface Authentication Bypass (CVE-2025-0108)
PAN-OS Management Interface Authentication Bypass (CVE-2025-0108)
CWE-CWE-287
, 
Critical
Pardot Server Identified
Pardot Server Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
Information
Passive Mixed Content over HTTPS
Passive Mixed Content over HTTPS
CWE-319
, 
ISO27001-A.14.1.3
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
Low
Passive Web Backdoor Detected
Passive Web Backdoor Detected
PCI v3.2-6.5.6
, 
CWE-507
, 
HIPAA-164.308(a)
, 
ISO27001-A.12.2.1
, 
OWASP 2017-A10
, 
Low
Password Transmitted over HTTP
Password Transmitted over HTTP
PCI v3.2-6.5.4
, 
CAPEC-65
, 
CWE-319
, 
ISO27001-A.14.1.3
, 
WASC-4
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
, 
High
Password Transmitted over Query String
Password Transmitted over Query String
PCI v3.2-6.5.4
, 
CWE-598
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
, 
Medium
Payara Identified
Payara Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
Information
PdfJs Identified
PdfJs Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
Pega Identified
Pega Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
Information
Perl Identified
Perl Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
Information
pH7CMS Detected
pH7CMS Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Phaser Identified
Phaser Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
Phishing by Navigating Browser Tabs
Phishing by Navigating Browser Tabs
CWE-16
, 
ISO27001-A.14.1.2
, 
WASC-15
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Low
Phorum Detected
Phorum Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
Php Address Book Detected
Php Address Book Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
PHP allow_url_fopen Is Enabled
PHP allow_url_fopen Is Enabled
CWE-16
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Low
PHP allow_url_include Is Enabled
PHP allow_url_include Is Enabled
CWE-16
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Low
phpBB Detected
phpBB Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
PHP display_errors Is Enabled
PHP display_errors Is Enabled
CWE-211
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Low
PHP enable_dl Is Enabled
PHP enable_dl Is Enabled
CWE-16
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
, 
Medium
PhpFusion Detected
PhpFusion Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
PHP Identified
PHP Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
Information
phpinfo() Output Detected
phpinfo() Output Detected
CWE-213
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
WASC-13
, 
Low
phpList Detected
phpList Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
phpLiteAdmin Detected
phpLiteAdmin Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
PHP magic_quotes_gpc Is Disabled
PHP magic_quotes_gpc Is Disabled
CWE-16
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
, 
Medium
phpMoAdmin Detected
phpMoAdmin Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
phpMyAdmin Detected
phpMyAdmin Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
PhpMyFAQ Detected
PhpMyFAQ Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
PHP open_basedir Is Not Configured
PHP open_basedir Is Not Configured
CWE-16
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Low
PHP register_globals Is Enabled
PHP register_globals Is Enabled
CWE-473
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
, 
Medium
PHP session.use_only_cookies Is Disabled
PHP session.use_only_cookies Is Disabled
CWE-598
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
, 
Medium
PHP session.use_trans_sid Is Enabled
PHP session.use_trans_sid Is Enabled
CWE-598
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
, 
Medium
Phusion Passenger Identified
Phusion Passenger Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
Information
Piwigo Detected
Piwigo Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
Piwik Detected
Piwik Detected
CAPEC-224
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-45
, 
OWASP 2017-A6
, 
Information
PixiJs Identified
PixiJs Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
Play Web Framework Identified
Play Web Framework Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
Information
Plesk (Linux) Identified
Plesk (Linux) Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
Information
Plesk (Windows) Identified
Plesk (Windows) Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
Information
Plone CMS Identified
Plone CMS Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
Information
Plupload Identified
Plupload Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
PmWiki Detected
PmWiki Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
Podcast Generator Detected
Podcast Generator Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
Polyfill.io Supply Chain Attack
Polyfill.io Supply Chain Attack
No items found.
High
Polymer Identified
Polymer Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
Popper.js Identified
Popper.js Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
PossibleBlindMongoDB
PossibleBlindMongoDB
PCI v3.2-6.5.1
, 
CAPEC-66
, 
CWE-89
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
WASC-19
, 
OWASP 2013-A1
, 
Critical
Possible Boolean Mongo Db Injection
Possible Boolean Mongo Db Injection
PCI v3.2-6.5.1
, 
CAPEC-66
, 
CWE-89
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
WASC-19
, 
OWASP 2013-A1
, 
Critical
PrestaShop Detected
PrestaShop Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
PrettyPhoto Identified
PrettyPhoto Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
Private Burp Collaborator Server Identified
Private Burp Collaborator Server Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
Information
Private Json Web Key Set Disclosure
Private Json Web Key Set Disclosure
CAPEC-118
, 
CWE-200
, 
ISO27001-A.18.1.4
, 
WASC-13
, 
Critical
Programming Error Message
Programming Error Message
PCI v3.2-6.5.5
, 
CAPEC-118
, 
CWE-210
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Low
Programming Error Message (Ruby)
Programming Error Message (Ruby)
PCI v3.2-6.5.5
, 
CAPEC-118
, 
CWE-210
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Low
Progress MOVEit Transfer SQL Injection
Progress MOVEit Transfer SQL Injection
PCI v3.2-6.5.1
, 
CAPEC-66
, 
CWE-89
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
WASC-19
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
, 
High
ProjectSend Detected
ProjectSend Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
Prototypejs Identified
Prototypejs Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
Prototype Pollution
Prototype Pollution
PCI v3.2-6.5.7
, 
CAPEC-180
, 
CWE-1321
, 
HIPAA-164.306(a)
, 
ISO27001-A.13.1.3
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
Information
Python Identified
Python Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
Information
Python WSGIserver Identified
Python WSGIserver Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
Information
qdPM Detected
qdPM Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information