Web Application Vulnerabilities Index

This page lists 144 vulnerabilities categorized as medium severity that can be detected by Invicti.

Select Category
Critical
High
Medium
Low
Best Practice
Information
Select Vulnerability
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Vulnerability Name
Classification
Severity
UAParser.js Identified
UAParser.js Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Unchecked GraphQL Query Length: Potential Denial of Service Vulnerability
Unchecked GraphQL Query Length: Potential Denial of Service Vulnerability
AV:N/AC:L/Au:N/C:N/I:N/A:P
, 
CWE-CWE-400
, 
Medium
UNC Server and Share Disclosure
UNC Server and Share Disclosure
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-16
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-15
, 
Information
Underscorejs Identified
Underscorejs Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Undertow Web Server Identified
Undertow Web Server Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Unexpected Redirect Response Body (Too Large)
Unexpected Redirect Response Body (Too Large)
CWE-698
, 
ISO27001-A.14.2.5
, 
WASC-40
, 
Information
Unexpected Redirect Response Body (Two Responses)
Unexpected Redirect Response Body (Two Responses)
CWE-698
, 
ISO27001-A.14.2.5
, 
WASC-25
, 
Low
Unicode Transformation (Best-Fit Mapping)
Unicode Transformation (Best-Fit Mapping)
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
, 
CWE-20
, 
Medium
Unknown Option Used In Referrer-Policy
Unknown Option Used In Referrer-Policy
CWE-200
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A6
, 
OWASP 2017-A6
, 
Information
Unrestricted File Upload
Unrestricted File Upload
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
, 
CWE-434
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
PCI v3.2-6.5.1
, 
High
Unsafe value for session tracking in WEB-INF/web.xml
Unsafe value for session tracking in WEB-INF/web.xml
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
, 
CWE-16
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Medium
Unsupported Hash Detected in Content Security Policy (CSP)
Unsupported Hash Detected in Content Security Policy (CSP)
CWE-16
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-15
, 
Information
User Controllable Cookie
User Controllable Cookie
CWE-20
, 
ISO27001-A.14.2.5
, 
WASC-20
, 
Low
Username Disclosure (Microsoft SQL Server)
Username Disclosure (Microsoft SQL Server)
CAPEC-118
, 
CWE-201
, 
HIPAA-164.306(a)
, 
ISO27001-A.18.1.4
, 
OWASP 2013-A5
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.5
, 
WASC-13
, 
Low
Username Disclosure (MySQL)
Username Disclosure (MySQL)
CAPEC-118
, 
CWE-201
, 
HIPAA-164.306(a)
, 
ISO27001-A.18.1.4
, 
OWASP 2013-A5
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.5
, 
WASC-13
, 
Low
Vanilla Forums Detected
Vanilla Forums Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Varnish HTTP Cache Server Identified
Varnish HTTP Cache Server Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Vegur Identified
Vegur Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Version Disclosure (AbanteCart)
Version Disclosure (AbanteCart)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (Ampache)
Version Disclosure (Ampache)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (Angular)
Version Disclosure (Angular)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (Angularjs)
Version Disclosure (Angularjs)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (Apache)
Version Disclosure (Apache)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (Apache Coyote)
Version Disclosure (Apache Coyote)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (Apache Module)
Version Disclosure (Apache Module)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (Apache Traffic Server)
Version Disclosure (Apache Traffic Server)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (Artifactory DevOps Solution)
Version Disclosure (Artifactory DevOps Solution)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (ASP.NET)
Version Disclosure (ASP.NET)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (ASP.NET MVC)
Version Disclosure (ASP.NET MVC)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (AspNetSignalR)
Version Disclosure (AspNetSignalR)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (Atlassian Confluence)
Version Disclosure (Atlassian Confluence)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (Atlassian Jira)
Version Disclosure (Atlassian Jira)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (Atlassian Proxy)
Version Disclosure (Atlassian Proxy)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (Atutor)
Version Disclosure (Atutor)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (Axios)
Version Disclosure (Axios)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (Axway SecureTransport Server)
Version Disclosure (Axway SecureTransport Server)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (B2evolution)
Version Disclosure (B2evolution)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (Backbonejs)
Version Disclosure (Backbonejs)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (Bluebird)
Version Disclosure (Bluebird)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (Bootbox)
Version Disclosure (Bootbox)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (Bootstrap3DateTimePicker)
Version Disclosure (Bootstrap3DateTimePicker)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (Bootstrapjs)
Version Disclosure (Bootstrapjs)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (BootstrapSelect)
Version Disclosure (BootstrapSelect)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (BootstrapTable)
Version Disclosure (BootstrapTable)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (BootstrapToggle)
Version Disclosure (BootstrapToggle)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (BootstrapTypeahead)
Version Disclosure (BootstrapTypeahead)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (CakePHP Framework)
Version Disclosure (CakePHP Framework)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (CanvasJS)
Version Disclosure (CanvasJS)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (Chamilo)
Version Disclosure (Chamilo)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (Chartjs)
Version Disclosure (Chartjs)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (Cherokee)
Version Disclosure (Cherokee)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (CherryPy)
Version Disclosure (CherryPy)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (Ckeditor)
Version Disclosure (Ckeditor)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (Claroline)
Version Disclosure (Claroline)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (ClipBucket)
Version Disclosure (ClipBucket)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (Collabtive)
Version Disclosure (Collabtive)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (Concrete5)
Version Disclosure (Concrete5)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (Contao)
Version Disclosure (Contao)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (cookieconsent2)
Version Disclosure (cookieconsent2)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (Coppermine)
Version Disclosure (Coppermine)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (Cowboy HTTP Server)
Version Disclosure (Cowboy HTTP Server)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (CubeCart)
Version Disclosure (CubeCart)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (D3Js)
Version Disclosure (D3Js)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (Daiquiri)
Version Disclosure (Daiquiri)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (DataTables)
Version Disclosure (DataTables)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (Django)
Version Disclosure (Django)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (Dojo)
Version Disclosure (Dojo)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (Dolibarr)
Version Disclosure (Dolibarr)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (Dolphin)
Version Disclosure (Dolphin)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (DomPurify)
Version Disclosure (DomPurify)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (DotClear)
Version Disclosure (DotClear)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (dotCMS)
Version Disclosure (dotCMS)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (Drupal)
Version Disclosure (Drupal)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (Dwr)
Version Disclosure (Dwr)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low