Web Application Vulnerabilities Index

This page lists 144 vulnerabilities categorized as medium severity that can be detected by Invicti.

Select Category
Critical
High
Medium
Low
Best Practice
Information
Select Vulnerability
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Vulnerability Name
Classification
Severity
Lodash Identified
Lodash Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Log File Detected
Log File Detected
CAPEC-87
, 
CWE-425
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A7
, 
OWASP 2017-A5
, 
PCI v3.2-6.5.8
, 
WASC-34
, 
Information
Login Page Identified
Login Page Identified
No items found.
Information
Lua Identified
Lua Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Magento Identified
Magento Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Mail Header Injection (IAST)
Mail Header Injection (IAST)
CAPEC-66
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
, 
CWE-20
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
PCI v3.2-6.5.1
, 
WASC-19
, 
Critical
Mailman Identified
Mailman Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Malware Identified
Malware Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
, 
CWE-506
, 
Critical
MarionetteJs Identified
MarionetteJs Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
markdown-it Identified
markdown-it Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Masa CMS Identified
Masa CMS Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Mashery Proxy Identified
Mashery Proxy Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
MathJax Identified
MathJax Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
MathJs Identified
MathJs Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
MediaWiki Detected
MediaWiki Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Mibew Messenger Detected
Mibew Messenger Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Microsoft Access Database File Detected
Microsoft Access Database File Detected
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
, 
CWE-285
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A7
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.8
, 
WASC-2
, 
Medium
Microsoft IIS Log File Detected
Microsoft IIS Log File Detected
CAPEC-87
, 
CWE-425
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A7
, 
OWASP 2017-A5
, 
PCI v3.2-6.5.8
, 
WASC-34
, 
Low
Microsoft Outlook Personal Folders File (.pst) Found
Microsoft Outlook Personal Folders File (.pst) Found
CWE-284
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A7
, 
OWASP 2017-A5
, 
PCI v3.2-6.5.8
, 
WASC-2
, 
Low
Mint Detected
Mint Detected
CAPEC-224
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-45
, 
Information
Misconfigured Access-Control-Allow-Origin Header
Misconfigured Access-Control-Allow-Origin Header
CWE-16
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
PCI v3.2-6.5.8
, 
WASC-15
, 
Low
Misconfigured Frame
Misconfigured Frame
CWE-16
, 
ISO27001-A.14.1.2
, 
OWASP 2017-A6
, 
WASC-15
, 
Low
Misconfigured X-Frame-Options Header
Misconfigured X-Frame-Options Header
CAPEC-103
, 
CWE-693
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Low
Missing Content-Type Header
Missing Content-Type Header
CWE-16
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
PCI v3.2-6.5.7
, 
WASC-15
, 
Low
Missing frame-ancestors in CSP Declaration
Missing frame-ancestors in CSP Declaration
CWE-16
, 
ISO27001-A.14.2.5
, 
WASC-15
, 
Information
Missing object-src in CSP Declaration
Missing object-src in CSP Declaration
CWE-16
, 
ISO27001-A.14.2.5
, 
WASC-15
, 
Information
Missing X-Content-Type-Options Header
Missing X-Content-Type-Options Header
CWE-16
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-15
, 
Low
Missing X-Frame-Options Header
Missing X-Frame-Options Header
CAPEC-103
, 
CWE-693
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Low
Missing X-XSS-Protection Header
Missing X-XSS-Protection Header
CWE-16
, 
HIPAA-164.308(a)
, 
ISO27001-A.14.2.5
, 
WASC-15
, 
Best Practice
Mithril Identified
Mithril Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Modernizr Identified
Modernizr Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Mod_Ssl Identified
Mod_Ssl Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
MODX Detected
MODX Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Momentjs Identified
Momentjs Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
MongoDB Injection (IAST)
MongoDB Injection (IAST)
CAPEC-66
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
, 
CWE-89
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
PCI v3.2-6.5.1
, 
WASC-19
, 
Critical
MongoDB Operator Injection
MongoDB Operator Injection
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
, 
CWE-943
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
PCI v3.2-6.5.1
, 
High
Mongrel Identified
Mongrel Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Moodle Detected
Moodle Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Movable Type Detected
Movable Type Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
MOVEit Identified
MOVEit Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Multiple Content Security Policy (CSP) Implementation Detected
Multiple Content Security Policy (CSP) Implementation Detected
CWE-16
, 
ISO27001-A.14.2.5
, 
WASC-15
, 
Information
Multiple Declarations in X-Frame-Options Header
Multiple Declarations in X-Frame-Options Header
CAPEC-103
, 
CWE-693
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Low
Mustachejs Identified
Mustachejs Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
MyBB Detected
MyBB Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Next.js React Framework Identified
Next.js React Framework Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Next.js/React Server Components RCE (CVE-2025-55182 & CVE-2025-66478)
Next.js/React Server Components RCE (CVE-2025-55182 & CVE-2025-66478)
CWE-CWE-94
, 
Critical
Nexus Repository OSS Identified
Nexus Repository OSS Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Nginx Web Server Identified
Nginx Web Server Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Node.js Web Application does not handle uncaughtException
Node.js Web Application does not handle uncaughtException
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
, 
CWE-248
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-14
, 
Medium
Node.js Web Application does not handle unhandledRejection
Node.js Web Application does not handle unhandledRejection
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
, 
CWE-248
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-14
, 
Medium
Nonce Usage Detected in Content Security Policy (CSP) Directive
Nonce Usage Detected in Content Security Policy (CSP) Directive
ISO27001-A.14.2.5
, 
Information
No SAML Response Signature Check
No SAML Response Signature Check
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
, 
CWE-16
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-15
, 
High
No Script Block Detected with the Hash Value Declared in Content Security Policy (CSP)
No Script Block Detected with the Hash Value Declared in Content Security Policy (CSP)
ISO27001-A.14.2.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Information
NTLM Authorization Required
NTLM Authorization Required
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
, 
ISO27001-A.9.4.1
, 
Information
NuSOAP Identified
NuSOAP Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Omeka Detected
Omeka Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
OpenCart Detected
OpenCart Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Open Policy Crossdomain.xml Detected
Open Policy Crossdomain.xml Detected
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-16
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-15
, 
Medium
Open Redirection
Open Redirection
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
, 
CWE-601
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A10
, 
WASC-38
, 
Medium
Open Redirection (DOM based)
Open Redirection (DOM based)
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N
, 
CWE-601
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A10
, 
WASC-38
, 
Medium
Open Redirection in POST method
Open Redirection in POST method
CWE-601
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A10
, 
OWASP 2017-A5
, 
WASC-38
, 
Low
OpenResty Web Platform Identified
OpenResty Web Platform Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
OpenSearch.xml Detected
OpenSearch.xml Detected
CWE-200
, 
ISO27001-A.18.1.3
, 
Information
Open Silverlight Client Access Policy
Open Silverlight Client Access Policy
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-16
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-15
, 
Medium
OpenSSL Heartbleed
OpenSSL Heartbleed
CAPEC-216
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-119
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A6
, 
OWASP 2017-A9
, 
PCI v3.2-6.5.2
, 
Critical
OpenSSL Identified
OpenSSL Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
OpenVPN Access Server Identified
OpenVPN Access Server Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
OPTIONS Method Enabled
OPTIONS Method Enabled
CAPEC-107
, 
CWE-16
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-14
, 
Information
Oracle Access Manager 'opensso' Deserialization RCE (CVE-2021-35587)
Oracle Access Manager 'opensso' Deserialization RCE (CVE-2021-35587)
CWE-CWE-502
, 
High
Oracle Application Server Identified
Oracle Application Server Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Oracle EBS - Unauthenticated Remote Code Execution
Oracle EBS - Unauthenticated Remote Code Execution
CAPEC-210
, 
CWE-94
, 
HIPAA-164.306(a)
, 
ISO27001-A14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
PCI v3.2-6.5.1
, 
WASC-42
, 
Critical
Oracle HTTP Server Identified
Oracle HTTP Server Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Oracle Identity Manager Authentication Bypass (CVE-2025-61757)
Oracle Identity Manager Authentication Bypass (CVE-2025-61757)
CWE-CWE-306
, 
Critical
Oracle WebLogic Authentication Bypass (CVE-2020-14883)
Oracle WebLogic Authentication Bypass (CVE-2020-14883)
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
, 
CWE-288
, 
OWASP 2013-A2
, 
OWASP 2017-A2
, 
High