Web Application Vulnerabilities Index

This page lists 144 vulnerabilities categorized as medium severity that can be detected by Invicti.

Select Category
Critical
High
Medium
Low
Best Practice
Information
Select Vulnerability
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Select Vulnerability
Vulnerability Name
Classification
Severity
Question2Answer Detected
Question2Answer Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
Information
Ramda Identified
Ramda Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
React Identified
React Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
Readme/Help File Detected
Readme/Help File Detected
PCI v3.2-6.5.8
, 
CAPEC-87
, 
CWE-425
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
WASC-34
, 
OWASP 2013-A7
, 
OWASP 2017-A5
, 
Information
Referrer-Policy Needs Proper Fallback
Referrer-Policy Needs Proper Fallback
CWE-200
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A6
, 
OWASP 2017-A6
, 
Information
Referrer-Policy Not Implemented
Referrer-Policy Not Implemented
CWE-200
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
Best Practice
Reflected File Download
Reflected File Download
PCI v3.2-6.5.1
, 
CAPEC-375
, 
CWE-840
, 
ISO27001-A.14.2.5
, 
WASC-42
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
Low
RegreSSHion Attack (CVE-2024-6387)
RegreSSHion Attack (CVE-2024-6387)
PCI v3.2-6.5.1
, 
CAPEC-26
, 
CWE-366
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
Critical
Remote Code Execution and DoS in HTTP.sys (IIS)
Remote Code Execution and DoS in HTTP.sys (IIS)
PCI v3.2-6.5.1
, 
CAPEC-340
, 
CWE-20
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
WASC-7
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:W/RC:C
, 
Critical
Remote Code Execution (Spring4Shell)
Remote Code Execution (Spring4Shell)
PCI v3.2-6.5.1
, 
CAPEC-242
, 
CWE-94
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
, 
Critical
Remote File Inclusion
Remote File Inclusion
PCI v3.2-6.5.1
, 
CAPEC-193
, 
CWE-98
, 
HIPAA-164.306(a)
, 
ISO27001-A.14.2.5
, 
WASC-5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
, 
Critical
RequireJs Identified
RequireJs Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
Resin Application Server Identified
Resin Application Server Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
Information
Respondjs Identified
Respondjs Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
Restlet Framework Identified
Restlet Framework Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
Information
Retired Hash Function in SAML Response
Retired Hash Function in SAML Response
CWE-16
, 
Information
RevealJs Identified
RevealJs Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
Reverse Proxy Detected (Apache Traffic Server)
Reverse Proxy Detected (Apache Traffic Server)
CAPEC-224
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
WASC-45
, 
Information
Reverse Proxy Detected (Citrix Netscaler)
Reverse Proxy Detected (Citrix Netscaler)
CAPEC-224
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
WASC-45
, 
Information
Reverse Proxy Detected (Envoy)
Reverse Proxy Detected (Envoy)
CAPEC-224
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
WASC-45
, 
Information
Reverse Proxy Detected (F5 BIG-IP)
Reverse Proxy Detected (F5 BIG-IP)
CAPEC-224
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
WASC-45
, 
Information
Reverse Proxy Detected (HAProxy)
Reverse Proxy Detected (HAProxy)
CAPEC-224
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
WASC-45
, 
Information
Reverse Proxy Detected (Skipper)
Reverse Proxy Detected (Skipper)
CAPEC-224
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
WASC-45
, 
Information
Revive Adserver Detected
Revive Adserver Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
Revoked SSL Certificate
Revoked SSL Certificate
CWE-295
, 
OWASP 2017-A3
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
, 
Medium
Rickshaw Identified
Rickshaw Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
RiotJs Identified
RiotJs Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
ROBOT Attack Detected (Strong Oracle)
ROBOT Attack Detected (Strong Oracle)
PCI v3.2-6.5.4
, 
CAPEC-217
, 
ISO27001-A.14.1.3
, 
WASC-4
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:W/RC:C
, 
High
ROBOT Attack Detected (Weak Oracle)
ROBOT Attack Detected (Weak Oracle)
PCI v3.2-6.5.4
, 
CAPEC-217
, 
ISO27001-A.14.1.3
, 
WASC-4
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:W/RC:C
, 
High
Robots.txt Detected
Robots.txt Detected
ISO27001-A.18.1.3
, 
Information
RoR Database Configuration File Detected
RoR Database Configuration File Detected
CWE-285
, 
ISO27001-A.9.4.1
, 
WASC-15
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Low
RoR Development Mode Enabled
RoR Development Mode Enabled
PCI v3.2-6.5.5
, 
CAPEC-214
, 
CWE-16
, 
ISO27001-A.14.1.1
, 
WASC-14
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Low
Roundcube Detected
Roundcube Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
RSA Private Key Detected
RSA Private Key Detected
CAPEC-118
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
, 
Medium
RubyGems Identified
RubyGems Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
Information
Ruby on Rails File Content Disclosure (CVE-2019-5418)
Ruby on Rails File Content Disclosure (CVE-2019-5418)
PCI v3.2-6.5.8
, 
CAPEC-252
, 
CWE-98
, 
HIPAA-164.306(a)
, 
ISO27001-A.14.2.5
, 
WASC-33
, 
OWASP 2013-A4
, 
OWASP 2017-A5
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
, 
High
Ruby on Rails Identified
Ruby on Rails Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
Information
Rukovoditel Detected
Rukovoditel Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
Information
SailsJS Identified
SailsJS Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
SameSite Cookie Not Implemented
SameSite Cookie Not Implemented
CWE-16
, 
ISO27001-A.14.2.5
, 
WASC-15
, 
Best Practice
SameSite None Cookie Not Marked as Secure
SameSite None Cookie Not Marked as Secure
CWE-16
, 
ISO27001-A.14.2.5
, 
WASC-15
, 
Best Practice
SAML Consumer Service KeyInfo RetrievalMethod SSRF
SAML Consumer Service KeyInfo RetrievalMethod SSRF
CWE-918
, 
ISO27001-A.14.2.5
, 
WASC-20
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
, 
Medium
SAML Consumer Service XSS Vulnerability
SAML Consumer Service XSS Vulnerability
PCI v3.2-6.5.7
, 
CAPEC-19
, 
CWE-79
, 
HIPAA-164.308(a)
, 
ISO27001-A.14.2.5
, 
WASC-8
, 
OWASP 2013-A3
, 
OWASP 2017-A7
, 
Medium
SAML Response Signature Exclusion
SAML Response Signature Exclusion
CWE-16
, 
ISO27001-A.14.2.5
, 
WASC-15
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
, 
High
SAML Response Without Signature
SAML Response Without Signature
CWE-16
, 
ISO27001-A.14.2.5
, 
WASC-15
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
, 
High
Scheme URI Detected in Content Security Policy (CSP) Directive
Scheme URI Detected in Content Security Policy (CSP) Directive
ISO27001-A.14.2.5
, 
Information
ScrollReveal Identified
ScrollReveal Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
Security.txt Detected
Security.txt Detected
ISO27001-A.18.1.3
, 
Information
Select2 Identified
Select2 Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
SemanticUI Identified
SemanticUI Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
Sensitive Data Exposure
Sensitive Data Exposure
PCI v3.2-6.5.6
, 
CAPEC-37
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
WASC-WASC-13
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
Medium
Sensitive Data Exposure - Amazon AWS Access Key Id
Sensitive Data Exposure - Amazon AWS Access Key Id
PCI v3.2-6.5.6
, 
CAPEC-37
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
WASC-WASC-13
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
Medium
Sensitive Data Exposure - Amazon AWS Secret Key
Sensitive Data Exposure - Amazon AWS Secret Key
PCI v3.2-6.5.6
, 
CAPEC-37
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
WASC-WASC-13
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
Medium
Sensitive Data Exposure - Amazon MWS Auth Token
Sensitive Data Exposure - Amazon MWS Auth Token
PCI v3.2-6.5.6
, 
CAPEC-37
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
WASC-WASC-13
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
Medium
Sensitive Data Exposure - Amazon SES SMTP Password
Sensitive Data Exposure - Amazon SES SMTP Password
PCI v3.2-6.5.6
, 
CAPEC-37
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
WASC-WASC-13
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
Medium
Sensitive Data Exposure - Consul Token
Sensitive Data Exposure - Consul Token
PCI v3.2-6.5.6
, 
CAPEC-37
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
WASC-WASC-13
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
Medium
Sensitive Data Exposure - Database Connection String - MongoDB - MySQL
Sensitive Data Exposure - Database Connection String - MongoDB - MySQL
PCI v3.2-6.5.6
, 
CAPEC-37
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
WASC-WASC-13
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
Medium
Sensitive Data Exposure - Database Connection String - PostgreSQL
Sensitive Data Exposure - Database Connection String - PostgreSQL
PCI v3.2-6.5.6
, 
CAPEC-37
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
WASC-WASC-13
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
Medium
Sensitive Data Exposure - Devise Secret Key
Sensitive Data Exposure - Devise Secret Key
PCI v3.2-6.5.6
, 
CAPEC-37
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
WASC-WASC-13
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
Medium
Sensitive Data Exposure - Facebook Access Token
Sensitive Data Exposure - Facebook Access Token
PCI v3.2-6.5.6
, 
CAPEC-37
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
WASC-WASC-13
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
Medium
Sensitive Data Exposure - Facebook App ID
Sensitive Data Exposure - Facebook App ID
PCI v3.2-6.5.6
, 
CAPEC-37
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
WASC-WASC-13
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
Medium
Sensitive Data Exposure - Facebook App Secret
Sensitive Data Exposure - Facebook App Secret
PCI v3.2-6.5.6
, 
CAPEC-37
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
WASC-WASC-13
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
Medium
Sensitive Data Exposure - Gitlab Personal Access Token
Sensitive Data Exposure - Gitlab Personal Access Token
PCI v3.2-6.5.6
, 
CAPEC-37
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
WASC-WASC-13
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
Medium
Sensitive Data Exposure - Google Cloud API Key
Sensitive Data Exposure - Google Cloud API Key
PCI v3.2-6.5.6
, 
CAPEC-37
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
WASC-WASC-13
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
Medium
Sensitive Data Exposure - Google OAuth Access Token
Sensitive Data Exposure - Google OAuth Access Token
PCI v3.2-6.5.6
, 
CAPEC-37
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
WASC-WASC-13
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
Medium
Sensitive Data Exposure - Heroku API Key
Sensitive Data Exposure - Heroku API Key
PCI v3.2-6.5.6
, 
CAPEC-37
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
WASC-WASC-13
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
Medium
Sensitive Data Exposure - JDBC Database Connection String
Sensitive Data Exposure - JDBC Database Connection String
PCI v3.2-6.5.6
, 
CAPEC-37
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
WASC-WASC-13
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
Medium
Sensitive Data Exposure - Jenkins Secret
Sensitive Data Exposure - Jenkins Secret
PCI v3.2-6.5.6
, 
CAPEC-37
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
WASC-WASC-13
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
Medium
Sensitive Data Exposure - LinkedIn API Key
Sensitive Data Exposure - LinkedIn API Key
PCI v3.2-6.5.6
, 
CAPEC-37
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
WASC-WASC-13
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
Medium
Sensitive Data Exposure - MailChimp API Key
Sensitive Data Exposure - MailChimp API Key
PCI v3.2-6.5.6
, 
CAPEC-37
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
WASC-WASC-13
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
Medium
Sensitive Data Exposure - MailGun API Key
Sensitive Data Exposure - MailGun API Key
PCI v3.2-6.5.6
, 
CAPEC-37
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
WASC-WASC-13
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
Medium
Sensitive Data Exposure - Mapbox Token
Sensitive Data Exposure - Mapbox Token
PCI v3.2-6.5.6
, 
CAPEC-37
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
WASC-WASC-13
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
Medium
Sensitive Data Exposure - Nexmo Secret
Sensitive Data Exposure - Nexmo Secret
PCI v3.2-6.5.6
, 
CAPEC-37
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
WASC-WASC-13
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
Medium
Sensitive Data Exposure - NPM Access Token
Sensitive Data Exposure - NPM Access Token
PCI v3.2-6.5.6
, 
CAPEC-37
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
WASC-WASC-13
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
Medium