Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.130426185443

Medium Severity Vulnerabilities

Found 15376 vulnerabilities at Medium severity.

Reference
Title
Technology
CVE-2026-33916
Handlebars Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Handlebars
CVE-2013-5212
easyXDM Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
easyXDM
CVE-2014-1403
easyXDM Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
easyXDM
CVE-2023-27739
easyXDM Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
easyXDM
CVE-2016-4566
Plupload Cross-site Scripting (XSS) Vulnerability
Plupload
CVE-2019-16728
DOMPurify Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
DOMPurify
CVE-2020-26870
DOMPurify Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
DOMPurify
CVE-2019-25155
DOMPurify URL Redirection to Untrusted Site (Open Redirect) Vulnerability
DOMPurify
CVE-2024-45801
DOMPurify Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) Vulnerability
DOMPurify
CVE-2024-47875
DOMPurify Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
DOMPurify
CVE-2025-26791
DOMPurify Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
DOMPurify
CVE-2026-0540
DOMPurify Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
DOMPurify
CVE-2025-15599
DOMPurify Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
DOMPurify
CVE-2014-5326
DWR Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
DWR
CVE-2014-5325
DWR Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
DWR
CVE-2018-1000079
RubyGems Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
RubyGems
CVE-2018-1000078
RubyGems Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
RubyGems
CVE-2018-1000077
RubyGems Improper Input Validation Vulnerability
RubyGems
CVE-2015-4020
RubyGems Improper Input Validation Vulnerability
RubyGems
CVE-2015-3900
RubyGems 7PK - Security Features Vulnerability
RubyGems
CVE-2013-4363
RubyGems Cryptographic Issues Vulnerability
RubyGems
CVE-2013-4287
RubyGems Cryptographic Issues Vulnerability
RubyGems
CVE-2012-2126
RubyGems Cryptographic Issues Vulnerability
RubyGems
CVE-2012-2125
RubyGems Other Vulnerability
RubyGems
CVE-2019-16254
Ruby Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability
Ruby
CVE-2019-15845
Ruby Vulnerability
Ruby
CVE-2017-17742
Ruby Improper Neutralization of CRLF Sequences in HTTP Headers (HTTP Response Splitting) Vulnerability
Ruby
CVE-2020-10933
Ruby Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Ruby
CVE-2015-1855
Ruby Improper Input Validation Vulnerability
Ruby
CVE-2011-3624
Ruby Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability
Ruby