Web Application Vulnerabilities Index

This page lists 144 vulnerabilities categorized as medium severity that can be detected by Invicti.

Select Category
Critical
High
Medium
Low
Best Practice
Information
Select Vulnerability
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Vulnerability Name
Classification
Severity
Insecure JSONP Endpoint
Insecure JSONP Endpoint
CWE-20
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A5
, 
OWASP 2017-A1
, 
WASC-15
, 
Low
Insecure Protocol Detected in Content Security Policy (CSP)
Insecure Protocol Detected in Content Security Policy (CSP)
CWE-319
, 
ISO27001-A.14.2.5
, 
Information
Insecure Reflected Content
Insecure Reflected Content
CWE-16
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A5
, 
OWASP 2017-A1
, 
WASC-15
, 
Low
Insecure Transportation Security Protocol Supported (SSLv2)
Insecure Transportation Security Protocol Supported (SSLv2)
CAPEC-217
, 
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
, 
CWE-326
, 
HIPAA-164.306
, 
ISO27001-A.14.1.3
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.4
, 
WASC-4
, 
High
Insecure Transportation Security Protocol Supported (SSLv3)
Insecure Transportation Security Protocol Supported (SSLv3)
CAPEC-217
, 
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
, 
CWE-326
, 
HIPAA-164.306
, 
ISO27001-A.14.1.3
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.4
, 
WASC-4
, 
High
Insecure Transportation Security Protocol Supported (TLS 1.0)
Insecure Transportation Security Protocol Supported (TLS 1.0)
CAPEC-217
, 
CWE-326
, 
HIPAA-164.306
, 
ISO27001-A.14.1.3
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.4
, 
WASC-4
, 
High
Insecure Transportation Security Protocol Supported (TLS 1.1)
Insecure Transportation Security Protocol Supported (TLS 1.1)
CAPEC-217
, 
CWE-326
, 
HIPAA-164.306
, 
ISO27001-A.14.1.3
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.4
, 
WASC-4
, 
Low
Insecure Usage of Version 1 GUID
Insecure Usage of Version 1 GUID
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:N
, 
CWE-328
, 
OWASP 2013-A9
, 
OWASP 2017-A3
, 
Information
Installation File Detected
Installation File Detected
CAPEC-87
, 
CWE-425
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A7
, 
OWASP 2017-A5
, 
PCI v3.2-6.5.8
, 
WASC-34
, 
Information
Intermediate Certificate is Signed Using a Weak Signature Algorithm
Intermediate Certificate is Signed Using a Weak Signature Algorithm
CAPEC-459
, 
ISO27001-A.10
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
WASC-4
, 
Information
Internal IP Address Disclosure
Internal IP Address Disclosure
CWE-200
, 
ISO27001-A.18.1.4
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
Low
Internal Path Disclosure (*nix)
Internal Path Disclosure (*nix)
CAPEC-118
, 
CWE-200
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.9.4.1
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Internal Path Disclosure (Windows)
Internal Path Disclosure (Windows)
CAPEC-118
, 
CWE-200
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.8.1.1
, 
WASC-13
, 
Information
Internal Server Error
Internal Server Error
CWE-550
, 
ISO27001-A.14.1.2
, 
WASC-13
, 
Low
Introjs Identified
Introjs Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Invalid Content Security Policy (CSP) Directive Identified in meta Elements
Invalid Content Security Policy (CSP) Directive Identified in meta Elements
CWE-16
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-15
, 
Information
Invalid SSL Certificate
Invalid SSL Certificate
CAPEC-459
, 
CWE-295
, 
ISO27001-A.14.1.3
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.4
, 
WASC-4
, 
Medium
IonRangeSlider Identified
IonRangeSlider Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Ivanti ICS and IPS Command Injection - CVE-2024-21887
Ivanti ICS and IPS Command Injection - CVE-2024-21887
CAPEC-88
, 
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
, 
CWE-78
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
PCI v3.2-6.5.1
, 
WASC-31
, 
Critical
Java Identified
Java Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
JavaMelody Interface Detected
JavaMelody Interface Detected
CAPEC-347
, 
CWE-16
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-14
, 
Medium
JavaScriptCookie Identified
JavaScriptCookie Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Java Servlet Identified
Java Servlet Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Java Verb Tampering Via Misconfigured Security Constraint
Java Verb Tampering Via Misconfigured Security Constraint
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
, 
CWE-16
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Medium
JBoss Application Server Identified
JBoss Application Server Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
JBoss Core Services Identified
JBoss Core Services Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
JBoss Enterprise Application Platform Identified
JBoss Enterprise Application Platform Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
JBoss Web Console JMX Invoker
JBoss Web Console JMX Invoker
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
, 
CWE-200
, 
High
Jenkins Identified
Jenkins Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
JetBrains .idea Project Directory Detected
JetBrains .idea Project Directory Detected
CAPEC-118
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-285
, 
ISO27001-A9.4.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Medium
Jetty Web Server Identified
Jetty Web Server Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Jolokia Identified
Jolokia Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Joomla Detected
Joomla Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
jPlayer Identified
jPlayer Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
jQuery Identified
jQuery Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
JqueryMask Identified
JqueryMask Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
jQueryMigrate Identified
jQueryMigrate Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
jQueryMobile Identified
jQueryMobile Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
JQuery placeholder.js Identified
JQuery placeholder.js Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
jQueryUiAutocomplete Identified
jQueryUiAutocomplete Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
jQueryUiDialog Identified
jQueryUiDialog Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
jQueryUiTooltip Identified
jQueryUiTooltip Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
JqueryValidation Identified
JqueryValidation Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Json Web Key Set Disclosure
Json Web Key Set Disclosure
CAPEC-118
, 
CWE-200
, 
ISO27001-A.18.1.4
, 
WASC-13
, 
Information
JSP Identified
JSP Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
JsTree Identified
JsTree Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
jszip Identified
jszip Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
JWT Detected
JWT Detected
CWE-205
, 
Information
JWT Forgery via Chaining Jku Parameter with Open Redirect
JWT Forgery via Chaining Jku Parameter with Open Redirect
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
, 
CWE-347
, 
OWASP 2017-A2
, 
High
JWT Forgery via Path Traversal
JWT Forgery via Path Traversal
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
, 
CWE-22
, 
OWASP 2017-A1
, 
High
JWT Forgery via SQL Injection
JWT Forgery via SQL Injection
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
, 
CWE-89
, 
OWASP 2017-A1
, 
High
JWT Forgery via unvalidated jku parameter
JWT Forgery via unvalidated jku parameter
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
, 
CWE-639
, 
OWASP 2017-A1
, 
High
JWT kid Parameter Out of Band Command Injection
JWT kid Parameter Out of Band Command Injection
CAPEC-88
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
, 
CWE-78
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
PCI v3.2-6.5.1
, 
WASC-31
, 
Critical
JWT Signature Bypass via None Algorithm
JWT Signature Bypass via None Algorithm
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
, 
CWE-287
, 
OWASP 2017-A2
, 
High
JWT Signature is not Verified
JWT Signature is not Verified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
, 
CWE-287
, 
OWASP 2017-A2
, 
High
Kestrel Detected
Kestrel Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Knockoutjs Identified
Knockoutjs Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
KnockoutMapping Identified
KnockoutMapping Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Kong Identified
Kong Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Laravel Debug Mode Enabled
Laravel Debug Mode Enabled
CAPEC-214
, 
CWE-16
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
PCI v3.2-6.5.5
, 
WASC-14
, 
Low
Laravel Environment Configuration File Detected
Laravel Environment Configuration File Detected
CWE-285
, 
ISO27001-A.9.4.1
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-15
, 
Low
Lazyjs Identified
Lazyjs Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
LDAP Injection (IAST)
LDAP Injection (IAST)
CAPEC-66
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
, 
CWE-89
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
PCI v3.2-6.5.1
, 
WASC-19
, 
Critical
Leaflet Identified
Leaflet Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Liferay Digital Experience Platform Detected
Liferay Digital Experience Platform Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Liferay Portal Detected
Liferay Portal Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Lightbox Identified
Lightbox Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Lighthouse Identified
Lighthouse Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Lighttpd Identified
Lighttpd Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
LimeSurvey Detected
LimeSurvey Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
ListJs Identified
ListJs Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
LiteSpeed Web Server Identified
LiteSpeed Web Server Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Local File Inclusion
Local File Inclusion
CAPEC-252
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
, 
CWE-22
, 
HIPAA-164.306(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A4
, 
OWASP 2017-A5
, 
PCI v3.2-6.5.8
, 
WASC-33
, 
High
Local File Inclusion (IAST)
Local File Inclusion (IAST)
CAPEC-252
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
, 
CWE-22
, 
HIPAA-164.306(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A4
, 
OWASP 2017-A5
, 
PCI v3.2-6.5.8
, 
WASC-33
, 
High