Web Vulnerability & Security Check

Web Application Vulnerabilities Index

This page lists 144 vulnerabilities categorized as medium severity that can be detected by Invicti.

Select Category

Select Vulnerability

Vulnerability Name

Classification

Severity

markdown-it Identified

Information

Masa CMS Identified

Information

Mashery Proxy Identified

Information

MathJax Identified

Information

MathJs Identified

Information

MediaWiki Detected

Information

Mibew Messenger Detected

Information

Microsoft Access Database File Detected

Medium

Microsoft IIS Log File Detected

Low

Microsoft Outlook Personal Folders File (.pst) Found

Low

Information

Misconfigured Access-Control-Allow-Origin Header

Low

Misconfigured Frame

Low

Missing Content-Type Header

Low

Missing frame-ancestors in CSP Declaration

Information

Missing object-src in CSP Declaration

Information

Missing X-Content-Type-Options Header

Low

Mithril Identified

Information

Modernizr Identified

Information

Mod_Ssl Identified

Information

Information

Momentjs Identified

Information

MongoDB Injection (IAST)

Critical

MongoDB Operator Injection

High

Mongrel Identified

Information

Moodle Detected

Information

MOVEit Identified

Information

Multiple Content Security Policy (CSP) Implementation Detected

Information

Mustachejs Identified

Information

Information

Next.js React Framework Identified

Information

Nexus Repository OSS Identified

Information

Nginx Web Server Identified

Information

Node.js Web Application does not handle uncaughtException

Medium

Node.js Web Application does not handle unhandledRejection

Medium

Nonce Usage Detected in Content Security Policy (CSP) Directive

Information

No SAML Response Signature Check

High

No Script Block Detected with the Hash Value Declared in Content Security Policy (CSP)

Information

NTLM Authorization Required

Information

NuSOAP Identified

Information

Information

OpenCart Detected

Information

Open Policy Crossdomain.xml Detected

Medium

Open Redirection

Medium

Open Redirection (DOM based)

Medium

Open Redirection in POST method

Low

OpenResty Web Platform Identified

Information

OpenSearch.xml Detected

Information

Open Silverlight Client Access Policy

Medium

OpenSSL Heartbleed

Critical

OpenSSL Identified

Information

OpenVPN Access Server Identified

Information

OPTIONS Method Enabled

Information

Oracle Access Manager 'opensso' Deserialization RCE (CVE-2021-35587)

High

Oracle Application Server Identified

Information

Oracle EBS - Unauthenticated Remote Code Execution

Critical

Oracle HTTP Server Identified

Information

Oracle WebLogic Authentication Bypass (CVE-2020-14883)

High

Oracle WebLogic Remote Code Execution (CVE-2020-14882)

Critical

osClass Detected

Information

osCommerce Detected

Information

osTicket Detected

Information

Out of Band Code Evaluation (Apache Struts 2)

Critical

Out of Band Code Evaluation (Apache Struts 2) S2-053

Critical

Out of Band Code Evaluation (ASP)

Critical

Out of Band Code Evaluation (Log4j)

Critical

Out of Band Code Evaluation (Node.js)

Critical

Out of Band Code Evaluation (Perl)

Critical

Out of Band Code Evaluation (PHP)

Critical

Out of Band Code Evaluation (Python)

Critical

Out of Band Code Evaluation (RoR)

Critical

Out of Band Code Evaluation (RoR - JSON)

Critical

Out of Band Code Evaluation (Ruby)

Critical

Out of Band Code Execution via SSTI

Critical