Web Application Vulnerabilities Index

This page lists 144 vulnerabilities categorized as medium severity that can be detected by Invicti.

Select Category
Critical
High
Medium
Low
Best Practice
Information
Select Vulnerability
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Select Vulnerability
Vulnerability Name
Classification
Severity
Fortigate SSL VPN Arbitrary File reading (CVE-2018-13379)
Fortigate SSL VPN Arbitrary File reading (CVE-2018-13379)
CWE-22
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
, 
High
FortiWeb Authentication Bypass (CVE-2025-64446)
FortiWeb Authentication Bypass (CVE-2025-64446)
CWE-CWE-23
, 
Critical
Foundation Identified
Foundation Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
Frame Injection
Frame Injection
PCI v3.2-6.5.1
, 
CWE-601
, 
HIPAA-164.308(a)
, 
ISO27001-A.14.2.5
, 
WASC-38
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
, 
Medium
Front Accounting Detected
Front Accounting Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
FrontPage Identified
FrontPage Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
Information
FuelUx Identified
FuelUx Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
Generic Email Address Disclosure
Generic Email Address Disclosure
CAPEC-118
, 
CWE-200
, 
ISO27001-A.18.1.4
, 
WASC-13
, 
Information
GeoServer Identified
GeoServer Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
, 
Information
GibbonEdu Detected
GibbonEdu Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
GIT Detected
GIT Detected
CAPEC-118
, 
CWE-527
, 
ISO27001-A.9.4.5
, 
WASC-13
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
Medium
GlassFish Server Identified
GlassFish Server Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
Information
Google Tag Manager Identified
Google Tag Manager Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
Information
Grafana Identified
Grafana Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
Information
Grafana Open Redirect (CVE-2025-4123)
Grafana Open Redirect (CVE-2025-4123)
CWE-CWE-601
, 
High
GraphiQL Explorer/Playground Enabled
GraphiQL Explorer/Playground Enabled
CWE-CWE-200
, 
AV:N/AC:L/Au:N/C:P/I:N/A:N
, 
Medium
GraphQL Alias Overloading Allowed: Potential Denial of Service Vulnerability
GraphQL Alias Overloading Allowed: Potential Denial of Service Vulnerability
CWE-CWE-400
, 
AV:N/AC:L/Au:N/C:N/I:N/A:P
, 
Medium
GraphQL Array-based Query Batching Allowed: Potential Batching Attack Vulnerability
GraphQL Array-based Query Batching Allowed: Potential Batching Attack Vulnerability
CWE-CWE-770
, 
AV:N/AC:L/Au:N/C:P/I:P/A:P
, 
Medium
GraphQL Circular-Query via Introspection Allowed: Potential DoS Vulnerability
GraphQL Circular-Query via Introspection Allowed: Potential DoS Vulnerability
CWE-CWE-400
, 
AV:N/AC:L/Au:N/C:N/I:N/A:P
, 
Medium
GraphQL Endpoint Detected
GraphQL Endpoint Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
GraphQL Field Suggestions Enabled
GraphQL Field Suggestions Enabled
CWE-CWE-200
, 
AV:N/AC:L/Au:N/C:P/I:N/A:N
, 
Medium
GraphQL Introspection Query Enabled
GraphQL Introspection Query Enabled
CWE-CWE-200
, 
AV:N/AC:L/Au:N/C:P/I:N/A:N
, 
Medium
GraphQL Library Detected (Apollo)
GraphQL Library Detected (Apollo)
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
GraphQL Library Detected (Ariadne)
GraphQL Library Detected (Ariadne)
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
GraphQL Library Detected (Dgraph)
GraphQL Library Detected (Dgraph)
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
GraphQL Library Detected (Diana.jl)
GraphQL Library Detected (Diana.jl)
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
GraphQL Library Detected (Directus)
GraphQL Library Detected (Directus)
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
GraphQL Library Detected (GqlGen)
GraphQL Library Detected (GqlGen)
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
GraphQL Library Detected (Graphene)
GraphQL Library Detected (Graphene)
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
GraphQL Library Detected (GraphQL API for Wordpress)
GraphQL Library Detected (GraphQL API for Wordpress)
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
GraphQL Library Detected (Graphql-Go)
GraphQL Library Detected (Graphql-Go)
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
GraphQL Library Detected (graphql-java)
GraphQL Library Detected (graphql-java)
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
GraphQL Library Detected (graphql-php)
GraphQL Library Detected (graphql-php)
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
GraphQL Library Detected (Hasura)
GraphQL Library Detected (Hasura)
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
GraphQL Library Detected (Hot Chocolate)
GraphQL Library Detected (Hot Chocolate)
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
GraphQL Library Detected (Juniper)
GraphQL Library Detected (Juniper)
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
GraphQL Library Detected (Ruby-graphql)
GraphQL Library Detected (Ruby-graphql)
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
GraphQL Library Detected (Sangria)
GraphQL Library Detected (Sangria)
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
GraphQL Library Detected (Tartiflette)
GraphQL Library Detected (Tartiflette)
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
GraphQL Library Detected (WPGraphQL)
GraphQL Library Detected (WPGraphQL)
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
GraphQL Non-JSON Mutations over GET: Potential CSRF Vulnerability
GraphQL Non-JSON Mutations over GET: Potential CSRF Vulnerability
CWE-CWE-352
, 
AV:N/AC:M/Au:N/C:P/I:P/A:N
, 
Medium
GraphQL Non-JSON Queries over GET: Potential CSRF Vulnerability
GraphQL Non-JSON Queries over GET: Potential CSRF Vulnerability
CWE-CWE-352
, 
AV:N/AC:M/Au:N/C:P/I:P/A:N
, 
Medium
GraphQL Non-JSON Queries over POST: Potential CSRF Vulnerability
GraphQL Non-JSON Queries over POST: Potential CSRF Vulnerability
CWE-CWE-352
, 
AV:N/AC:M/Au:N/C:P/I:P/A:N
, 
Medium
GraphQL Unauthenticated Mutation Detected
GraphQL Unauthenticated Mutation Detected
CWE-CWE-306
, 
AV:N/AC:L/Au:N/C:P/I:N/A:N
, 
Medium
GraphQL Unhandled Error Leakage
GraphQL Unhandled Error Leakage
CWE-CWE-209
, 
AV:N/AC:L/Au:N/C:P/I:N/A:N
, 
Medium
Gsap Identified
Gsap Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
Gunicorn Python WSGI HTTP Server Identified
Gunicorn Python WSGI HTTP Server Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
Information
Hammerjs Identified
Hammerjs Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
Handlebarsjs Identified
Handlebarsjs Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
Hesk Detected
Hesk Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
Hiawatha Identified
Hiawatha Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
Information
Highcharts Identified
Highcharts Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
.htaccess File Detected
.htaccess File Detected
CWE-285
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
, 
Information
Html5Shiv Identified
Html5Shiv Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
HTTP Header Injection
HTTP Header Injection
PCI v3.2-6.5.1
, 
CAPEC-105
, 
CWE-93
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
WASC-24
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
, 
Medium
HTTP Header Injection (IAST)
HTTP Header Injection (IAST)
PCI v3.2-6.5.1
, 
CAPEC-105
, 
CWE-93
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
WASC-24
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
, 
Medium
HTTP Parameter Pollution
HTTP Parameter Pollution
CWE-88
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
, 
Medium
HTTP Strict Transport Security (HSTS) Errors and Warnings
HTTP Strict Transport Security (HSTS) Errors and Warnings
CWE-16
, 
ISO27001-A.14.1.2
, 
WASC-15
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Medium
HTTP Strict Transport Security (HSTS) Max-Age Value Too Low
HTTP Strict Transport Security (HSTS) Max-Age Value Too Low
CWE-16
, 
ISO27001-A.14.1.2
, 
WASC-15
, 
Information
HTTP Strict Transport Security (HSTS) Policy Not Enabled
HTTP Strict Transport Security (HSTS) Policy Not Enabled
CAPEC-217
, 
CWE-523
, 
ISO27001-A.14.1.2
, 
WASC-4
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
, 
Medium
HTTP Strict Transport Security (HSTS) via HTTP
HTTP Strict Transport Security (HSTS) via HTTP
CWE-16
, 
ISO27001-A.14.1.2
, 
WASC-15
, 
OWASP 2017-A6
, 
Information
HubSpot Identified
HubSpot Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
Information
IBM Business Process Manager (BPM) Identified
IBM Business Process Manager (BPM) Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
Information
IBM HTTP Server Identified
IBM HTTP Server Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
Information
IBM Rational Team Concert (RTC) Identified
IBM Rational Team Concert (RTC) Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
Information
IBM Security Access Manager (WebSEAL) Identified
IBM Security Access Manager (WebSEAL) Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
Information
IIS Identified
IIS Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
Information
ImagePicker Identified
ImagePicker Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
I'm a Teapot
I'm a Teapot
ISO27001-None
, 
Information
Incorrect Content Security Policy (CSP) Implementation
Incorrect Content Security Policy (CSP) Implementation
CWE-16
, 
ISO27001-A.14.2.5
, 
WASC-15
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Information
Inferno Identified
Inferno Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
Information Disclosure (Microsoft Office)
Information Disclosure (Microsoft Office)
PCI v3.2-6.5.5
, 
CAPEC-118
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
Low
Insecure Frame (External)
Insecure Frame (External)
CWE-16
, 
ISO27001-A.14.1.2
, 
WASC-15
, 
OWASP 2017-A6
, 
Low
Insecure HTTP Usage
Insecure HTTP Usage
ISO27001-A.14.1.3
, 
WASC-4
, 
OWASP 2013-A5
, 
OWASP 2017-A3
, 
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
, 
Medium