Web Application Vulnerabilities Index

This page lists 144 vulnerabilities categorized as medium severity that can be detected by Invicti.
| Vulnerability Name | Severity |
|---|---|
| Code Evaluation (Apache Struts) S2-016 | Critical |
| Code Evaluation (Apache Struts) S2-045 | Critical |
| Code Evaluation (Apache Struts) S2-046 | Critical |
| Code Evaluation (Node.js) | Critical |
| Code Evaluation (PHP) | Critical |
| Code Evaluation (PHP) - IAST | Critical |
| Code Evaluation (Perl) | Critical |
| Code Evaluation (Python) | Critical |
| Code Evaluation (RoR - JSON) | Critical |
| Code Evaluation (RoR) | Critical |
| Code Evaluation (Ruby) | Critical |
| Code Evaluation via Local File Inclusion (PHP) | Critical |
| Code Execution via File Upload | Critical |
| Code Execution via Local File Inclusion | Critical |
| Code Execution via SSTI | Critical |
| Code Execution via SSTI (ASP.NET Razor) | Critical |
| Code Execution via SSTI (Java FreeMarker) | Critical |
| Code Execution via SSTI (Java Pebble) | Critical |
| Code Execution via SSTI (Java Velocity) | Critical |
| Code Execution via SSTI (JinJava) | Critical |
| Code Execution via SSTI (Node.js Dot) | Critical |
| Code Execution via SSTI (Node.js EJS) | Critical |
| Code Execution via SSTI (Node.js Marko) | Critical |
| Code Execution via SSTI (Node.js Nunjucks) | Critical |
| Code Execution via SSTI (Node.js Pug (Jade)) | Critical |
| Code Execution via SSTI (PHP Smarty) | Critical |
| Code Execution via SSTI (PHP Twig) | Critical |
| Code Execution via SSTI (Python Jinja) | Critical |
| Code Execution via SSTI (Python Mako) | Critical |
| Code Execution via SSTI (Python Tornado) | Critical |
| Code Execution via SSTI (Ruby ERB) | Critical |
| Code Execution via SSTI (Ruby Slim) | Critical |
| Code Execution via WebDAV | Critical |
| Collabtive Detected | Information |
| Command Injection | Critical |
| Command Injection (IAST) | Critical |
| Concrete5 Detected | Information |
| Configuration File Detected | Information |
| Content Security Policy (CSP) Contains Out of Scope report-uri Domain | Information |
| Content Security Policy (CSP) Keywords Not Used Within Single Quotes | Information |
| Content Security Policy (CSP) Nonce Value Not Used Within Single Quotes | Information |
| Content Security Policy (CSP) Nonce Without Matching Script Block | Information |
| Content Security Policy (CSP) Not Implemented | Best Practice |
| Content Security Policy (CSP) report-uri Uses HTTP | Information |
| Content-Security-Policy-Report-Only Cannot Be Declared Between META Tags | Information |
| Content-Security-Policy-Report-Only Cannot Be Declared Without report-uri Directive | Information |
| Cookie Not Marked as HttpOnly | Low |
| Cookie Not Marked as Secure | Low |
| Cookie Values Used in Anti-CSRF Token | Low |
| Coppermine Detected | Information |
| Cowboy HTTP Server Identified | Information |
| Craft CMS Identified | Information |
| Credit Card Disclosure | Information |
| Critical Form Send to HTTP | Medium |
| Critical Form Served over HTTP | Medium |
| Cross-site Referrer Leakage through usage of no-referrer-when-downgrade in Referrer-Policy | Information |
| Cross-site Referrer Leakage through usage of origin-when-cross-origin in Referrer-Policy | Information |
| Cross-site Referrer Leakage through usage of strict-origin in Referrer-Policy | Information |
| Cross-site Referrer Leakage through usage of strict-origin-when-cross-origin in Referrer-Policy | Information |
| Cross-site Referrer Leakage through usage of the origin keyword in Referrer-Policy | Information |
| Cross-site Referrer Leakage through usage of unsafe-url in Referrer-Policy | Information |
| Cross-site Request Forgery | Low |
| Cross-site Request Forgery in Login Form | Low |
| Cross-site Scripting | High |
| Cross-site Scripting (DOM based) | High |
| Cross-site Scripting via File Upload | High |
| Cross-site Scripting via Remote File Inclusion | High |
| Crossdomain.xml Detected | Information |
| CrushFTP Server Detected | Information |
| CubeCart Detected | Information |
| Custom Error Pages Are Not Configured in WEB-INF/web.xml | Medium |
| D3Js Identified | Information |
| Daiquiri Detected | Information |