Invicti Enterprise On-Demand 13 Oct 2022

This update includes changes to the internal agents. The internal scan agent’s current version is The internal authentication verifier agent’s current version is



  • Added MongoDB Time-based (Blind) Injection.
  • Added SQLite Boolean SQL Injection.
  • Added MongoDB Error-based Injection.


  • Improved the Trend Matrix Report exporting to include the severity information as well.
  • Improved the HashiCorp integration to authenticate with user tokens, too.
  • Updated Vulnerability Detection Logic in the JWT engine.
  • Improved the GraphQL scanning to include the separated comment lines in GraphQL files.
  • Improved the Authentication Verifier Agent to work with self-signed SSL.
  • Improved the Azure Pipeline Extension to generate a scan report on the release pipeline.
  • Updated Liferay Portal signature & added a mapping for version conversion.


  • Fixed a bug that corrupts the header authentication credentials after updating the scheduled scan.
  • Fixed the status information showing different data on the Discovered Webpages page.
  • Fixed the Docker Agent build fail because of the compiler package.
  • Fixed the Total Elapsed and Average Time values displaying 00:00:00 on the Scan Performance tab of the Technical Report.
  • Fixed the time values displaying 00:00:00 on the Crawling Performance node of the Technical Report.
  • Fixed the Authentication Verifier Agent’s time zone bug.
  • Fixed an issue that results in false positive Cross-site Scripting (DOM-based).
  • Fixed the bug that duplicates the login page when users try to revalidate the login form.
  • Fixed the Single Sign-on – encryption certification issue.
  • Fixed the web security issue for the origin header problem.
  • Fixed the sitemap bug that caused missing information when imported.
  • Fixed the bug that threw an error, as HTTP Requester deletes the whole body part of the request which contains the login credentials.
  • Fixed highlighting CSP Directives in different header issues.
  • Fixed duplicate bearer tokens for some requests.
  • Fixed an issue that resulted in false positive Cross-site Scripting (DOM-based).
  • Fixed the bug that shows the previous version of VDB.
  • Fixed parseable false attack patterns place.