Invicti Standard 08 Jul 2025 v25.7.0

Security checks

Improvements

  • Improved XSS detection to reduce noise
  • Increased the timeout duration for IAST responses to prevent premature failures
  • Added capture of the token information present in the response during the OAuth2 Implicit Flow
  • Improved cookie management when HTTP/2 is enabled
  • Updated dependencies with known vulnerabilities
  • Improved prototype-pollution detection to reduce noise

Resolved issues

  • Enhanced support for using multiple secrets simultaneously within a single custom header
  • Resolved an issue where duplicate X-Content-Type-Options headers triggered false missing header reports
  • Fixed an application crash caused by faulty custom scripts
  • Addressed an issue encountered during report policy migration
  • Corrected the MOVEit SQLi check to avoid reporting an incorrect version