Added the Smart DFS feature to the DOM Parser, which uses a similarity heuristic for DOM elements to avoid scanning the same or similar parameters multiple times.
Added license load option to Help menu.
Improved “Not Found Analyzer” to better handle binary responses and long strings.
Changed the default settings of the JIRA Send to Action for better out-of-the-box support.
Added a link to the proof URL for XSS vulnerabilities.
Added link generation to Text Parser for all select element options.
Improved the DOM parser to skip redirect responses.
Added an option to allow the user to move the Invicti data directory to a different location.
Improved the DOM parser to use the input value for auto-suggest simulation when input is not in a form.
Added support for modifying asynchronous JavaScript executions in order to increase DOM Parser coverage.
Improved relative link parsing on JavaScript files.
Improved the coverage of file upload security checks.
Improved the coverage of XSS security checks.
FIXES
Fixed an issue where LFI attack patterns are reported as internal path disclosure.
Fixed the incorrect raw response representing SSL connections.
Fixed an issue where forms containing ignored parameters are not reported as a CSRF vulnerability.
Fixed a case where the change events of dynamically generated HTML option elements were not being triggered.
Fixed cross-domain document access errors on DOM parser and XSS scanner.
Fixed an issue where a JSON request’s method was incorrectly recognized as POST rather than GET.
Fixed a retest issue where a vulnerability is incorrectly reported as fixed.
Fixed form values target setting to use Name as the default value when a Target is not selected.
Fixed an issue related to the JavaScript “Load Preset Values” combo where selecting a preset value may revert the combo value to “(Custom)”.
Fixed a file extension parsing issue related to the File Extension List knowledgebase item.
Fixed a hang that occurs while performing JavaScript library checks.
Fixed a custom form authentication API issue where the “ns” namespace was conflicting with a global variable on the target website (the authentication API has been moved to the “invicti” namespace, preserving backward compatibility with “ns”).
Fixed a DOM Parser and XSS scanner bug that incorrectly follows redirects.
Fixed misplaced certainty label on vulnerability details for trial editions.
Fixed an ObjectDisposedException that occurs on the trial edition when you press the Escape key several times during application load.
Fixed a resource deployment issue that occurs on Invicti installations with a custom application data path.
Fixed a form values issue where empty form values should not set any default values for parameters.
Fixed an issue where trying to set the Connection request header fails.