Web Application Vulnerabilities Index

This page lists 144 vulnerabilities categorized as medium severity that can be detected by Invicti.

Select Category
Critical
High
Medium
Low
Best Practice
Information
Select Vulnerability
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Select Vulnerability
Vulnerability Name
Classification
Severity
Sensitive Data Exposure - NuGet API Key
Sensitive Data Exposure - NuGet API Key
PCI v3.2-6.5.6
, 
CAPEC-37
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
WASC-WASC-13
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
Medium
Sensitive Data Exposure - Okta Secret Key
Sensitive Data Exposure - Okta Secret Key
PCI v3.2-6.5.6
, 
CAPEC-37
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
WASC-WASC-13
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
Medium
Sensitive Data Exposure - Omise Secret Key
Sensitive Data Exposure - Omise Secret Key
PCI v3.2-6.5.6
, 
CAPEC-37
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
WASC-WASC-13
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
Medium
Sensitive Data Exposure - Paypal Access Token
Sensitive Data Exposure - Paypal Access Token
PCI v3.2-6.5.6
, 
CAPEC-37
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
WASC-WASC-13
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
Medium
Sensitive Data Exposure - Picatic API key
Sensitive Data Exposure - Picatic API key
PCI v3.2-6.5.6
, 
CAPEC-37
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
WASC-WASC-13
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
Medium
Sensitive Data Exposure - SendGrid API Key
Sensitive Data Exposure - SendGrid API Key
PCI v3.2-6.5.6
, 
CAPEC-37
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
WASC-WASC-13
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
Medium
Sensitive Data Exposure - Sentry Auth Token
Sensitive Data Exposure - Sentry Auth Token
PCI v3.2-6.5.6
, 
CAPEC-37
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
WASC-WASC-13
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
Medium
Sensitive Data Exposure - Slack Token
Sensitive Data Exposure - Slack Token
PCI v3.2-6.5.6
, 
CAPEC-37
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
WASC-WASC-13
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
Medium
Sensitive Data Exposure - Slack v1.x Token
Sensitive Data Exposure - Slack v1.x Token
PCI v3.2-6.5.6
, 
CAPEC-37
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
WASC-WASC-13
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
Medium
Sensitive Data Exposure - Slack Webhook
Sensitive Data Exposure - Slack Webhook
PCI v3.2-6.5.6
, 
CAPEC-37
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
WASC-WASC-13
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
Medium
Sensitive Data Exposure - SonarQube User Token
Sensitive Data Exposure - SonarQube User Token
PCI v3.2-6.5.6
, 
CAPEC-37
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
WASC-WASC-13
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
Medium
Sensitive Data Exposure - Square OAuth Secret
Sensitive Data Exposure - Square OAuth Secret
PCI v3.2-6.5.6
, 
CAPEC-37
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
WASC-WASC-13
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
Medium
Sensitive Data Exposure - Square Personal Access Token
Sensitive Data Exposure - Square Personal Access Token
PCI v3.2-6.5.6
, 
CAPEC-37
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
WASC-WASC-13
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
Medium
Sensitive Data Exposure - SSH Key
Sensitive Data Exposure - SSH Key
PCI v3.2-6.5.6
, 
CAPEC-37
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
WASC-WASC-13
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
Medium
Sensitive Data Exposure - Stripe API key
Sensitive Data Exposure - Stripe API key
PCI v3.2-6.5.6
, 
CAPEC-37
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
WASC-WASC-13
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
Medium
Sensitive Data Exposure - Symfony Application Secret
Sensitive Data Exposure - Symfony Application Secret
PCI v3.2-6.5.6
, 
CAPEC-37
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
WASC-WASC-13
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
Medium
Sensitive Data Exposure - Teams Webhook
Sensitive Data Exposure - Teams Webhook
PCI v3.2-6.5.6
, 
CAPEC-37
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
WASC-WASC-13
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
Medium
Sensitive Data Exposure - Telegram Bot API Token
Sensitive Data Exposure - Telegram Bot API Token
PCI v3.2-6.5.6
, 
CAPEC-37
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
WASC-WASC-13
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
Medium
Sensitive Data Exposure - Twilio API Key
Sensitive Data Exposure - Twilio API Key
PCI v3.2-6.5.6
, 
CAPEC-37
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
WASC-WASC-13
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
Medium
Sensitive Data Exposure - Twitter Access Token Secret
Sensitive Data Exposure - Twitter Access Token Secret
PCI v3.2-6.5.6
, 
CAPEC-37
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
WASC-WASC-13
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
Medium
Sensitive Data Exposure - Twitter API Secret Key
Sensitive Data Exposure - Twitter API Secret Key
PCI v3.2-6.5.6
, 
CAPEC-37
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
WASC-WASC-13
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
Medium
Sensitive Data Exposure - WordPress Authentication Key/Salt
Sensitive Data Exposure - WordPress Authentication Key/Salt
PCI v3.2-6.5.6
, 
CAPEC-37
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
WASC-WASC-13
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
Medium
Sensitive Pages Could Be Cached
Sensitive Pages Could Be Cached
CWE-525
, 
Low
SeoPanel Detected
SeoPanel Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
Serendipity Detected
Serendipity Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
Server-Side Request Forgery
Server-Side Request Forgery
CWE-918
, 
ISO27001-A.14.2.5
, 
WASC-20
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
, 
Medium
Server-Side Request Forgery (Apache Server Status)
Server-Side Request Forgery (Apache Server Status)
CWE-918
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
, 
High
Server-Side Request Forgery (AWS)
Server-Side Request Forgery (AWS)
CWE-918
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A5
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
, 
High
Server-Side Request Forgery (elmah)
Server-Side Request Forgery (elmah)
PCI v3.2-6.5.6
, 
CAPEC-347
, 
CWE-918
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
WASC-15
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C
, 
High
Server-Side Request Forgery (elmah MVC)
Server-Side Request Forgery (elmah MVC)
PCI v3.2-6.5.6
, 
CAPEC-347
, 
CWE-918
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
WASC-15
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C
, 
High
Server-Side Request Forgery (Equinix)
Server-Side Request Forgery (Equinix)
CWE-918
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
, 
Critical
Server-Side Request Forgery (MySQL)
Server-Side Request Forgery (MySQL)
CWE-918
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
, 
High
Server-Side Request Forgery (Oracle Cloud)
Server-Side Request Forgery (Oracle Cloud)
CWE-918
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
, 
Critical
Server-Side Request Forgery (Packet Cloud)
Server-Side Request Forgery (Packet Cloud)
CWE-918
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
, 
Critical
Server-Side Request Forgery (SSH)
Server-Side Request Forgery (SSH)
CWE-918
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
, 
High
Server-Side Request Forgery (Time Based)
Server-Side Request Forgery (Time Based)
CWE-918
, 
ISO27001-A.14.2.5
, 
WASC-20
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
, 
Medium
Server-Side Request Forgery (trace.axd)
Server-Side Request Forgery (trace.axd)
PCI v3.2-6.5.6
, 
CAPEC-347
, 
CWE-918
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
WASC-15
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C
, 
Critical
Server-Side Template Injection
Server-Side Template Injection
PCI v3.2-6.5.1
, 
CWE-74
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
, 
Critical
Server-Side Template Injection (ASP.NET Razor)
Server-Side Template Injection (ASP.NET Razor)
PCI v3.2-6.5.1
, 
CWE-74
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
, 
Critical
Server-Side Template Injection (IAST)
Server-Side Template Injection (IAST)
PCI v3.2-6.5.1
, 
CAPEC-66
, 
CWE-20
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
WASC-19
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
, 
High
Server-Side Template Injection (Java FreeMarker)
Server-Side Template Injection (Java FreeMarker)
PCI v3.2-6.5.1
, 
CWE-74
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
, 
Critical
Server-Side Template Injection (Java Pebble)
Server-Side Template Injection (Java Pebble)
PCI v3.2-6.5.1
, 
CWE-74
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
, 
Critical
Server-Side Template Injection (Java Velocity)
Server-Side Template Injection (Java Velocity)
PCI v3.2-6.5.1
, 
CWE-74
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
, 
Critical
Server-Side Template Injection (JinJava)
Server-Side Template Injection (JinJava)
PCI v3.2-6.5.1
, 
CWE-74
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
, 
Critical
Server-Side Template Injection (Node.js Dot)
Server-Side Template Injection (Node.js Dot)
PCI v3.2-6.5.1
, 
CWE-74
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
, 
Critical
Server-Side Template Injection (Node.js EJS)
Server-Side Template Injection (Node.js EJS)
PCI v3.2-6.5.1
, 
CWE-74
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
, 
Critical
Server-Side Template Injection (Ruby ERB)
Server-Side Template Injection (Ruby ERB)
PCI v3.2-6.5.1
, 
CWE-74
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
, 
Critical
Session Cookie Not Marked as Secure
Session Cookie Not Marked as Secure
PCI v3.2-6.5.10
, 
CAPEC-102
, 
CWE-614
, 
ISO27001-A.14.1.2
, 
WASC-15
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
, 
Medium
SharePoint Identified
SharePoint Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
Information
SharePoint "ToolShell" RCE (CVE-2025-49704/CVE-2025-49706/CVE-2025-53770/CVE-2025-53771)
SharePoint "ToolShell" RCE (CVE-2025-49704/CVE-2025-49706/CVE-2025-53770/CVE-2025-53771)
CWE-CWE-502
, 
Critical
Shell Script Detected
Shell Script Detected
CWE-200
, 
ISO27001-A.8.1.1
, 
WASC-13
, 
Information
Shopify Identified
Shopify Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
Information
Silverlight Client Access Policy Detected
Silverlight Client Access Policy Detected
ISO27001-None
, 
Information
Silverstripe CMS Detected
Silverstripe CMS Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
SimpleHelp Path Traversal (CVE-2024-57727)
SimpleHelp Path Traversal (CVE-2024-57727)
CWE-CWE-22
, 
High
Sitecore Arbitrary File Read (CVE-2024-46938)
Sitecore Arbitrary File Read (CVE-2024-46938)
CWE-CWE-200
, 
High
Sitecore XM/XP Insecure Deserialization (CVE-2025-27218)
Sitecore XM/XP Insecure Deserialization (CVE-2025-27218)
CWE-CWE-502
, 
Critical
Sitemap Detected
Sitemap Detected
ISO27001-A.18.1.3
, 
Information
Slick Identified
Slick Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
SnapSvg Identified
SnapSvg Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
Social Security Number Disclosure
Social Security Number Disclosure
PCI v3.2-6.5.3
, 
CAPEC-118
, 
CWE-213
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
Low
SonicWall SSL-VPN Server Identified
SonicWall SSL-VPN Server Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
Information
Sortablejs Identified
Sortablejs Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
Source Code Disclosure (ASP.NET)
Source Code Disclosure (ASP.NET)
CAPEC-118
, 
CWE-540
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
OWASP 2013-A5
, 
OWASP 2017-A3
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
, 
Medium
Source Code Disclosure (ColdFusion)
Source Code Disclosure (ColdFusion)
CAPEC-118
, 
CWE-540
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
OWASP 2013-A5
, 
OWASP 2017-A3
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
, 
Medium
Source Code Disclosure (Generic)
Source Code Disclosure (Generic)
CAPEC-118
, 
CWE-540
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.9.4.5
, 
WASC-13
, 
OWASP 2013-A5
, 
OWASP 2017-A3
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
, 
Medium
Source Code Disclosure (Java)
Source Code Disclosure (Java)
CAPEC-118
, 
CWE-540
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.9.4.5
, 
WASC-13
, 
OWASP 2013-A5
, 
OWASP 2017-A3
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
, 
Medium
Source Code Disclosure (Java Servlet)
Source Code Disclosure (Java Servlet)
CAPEC-118
, 
CWE-540
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.9.4.5
, 
WASC-13
, 
OWASP 2013-A5
, 
OWASP 2017-A3
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
, 
Medium
Source Code Disclosure (JSP)
Source Code Disclosure (JSP)
CAPEC-118
, 
CWE-540
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.9.4.5
, 
WASC-13
, 
OWASP 2013-A5
, 
OWASP 2017-A3
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
, 
Medium
Source Code Disclosure (Perl)
Source Code Disclosure (Perl)
CAPEC-118
, 
CWE-540
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.9.4.5
, 
WASC-13
, 
OWASP 2013-A5
, 
OWASP 2017-A3
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
, 
Medium
Source Code Disclosure (PHP)
Source Code Disclosure (PHP)
CAPEC-118
, 
CWE-540
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.9.4.5
, 
WASC-13
, 
OWASP 2013-A5
, 
OWASP 2017-A3
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
, 
Medium
Source Code Disclosure (Python)
Source Code Disclosure (Python)
CAPEC-118
, 
CWE-540
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.9.4.5
, 
WASC-13
, 
OWASP 2013-A5
, 
OWASP 2017-A3
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
, 
Medium
Source Code Disclosure (Ruby)
Source Code Disclosure (Ruby)
CAPEC-118
, 
CWE-540
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.9.4.5
, 
WASC-13
, 
OWASP 2013-A5
, 
OWASP 2017-A3
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
, 
Medium
Source Code Disclosure (Tomcat)
Source Code Disclosure (Tomcat)
CAPEC-118
, 
CWE-540
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.9.4.5
, 
WASC-13
, 
OWASP 2013-A5
, 
OWASP 2017-A3
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
, 
Medium