Web Application Vulnerabilities

This page lists 23441 vulnerabilities in 68 categories.

Critical: 1499 High: 12791 Medium: 8230 Low: 857 Information: 64

Vulnerability Name

CVE

CWE

Severity

ASP.NET viewstate encryption disabled

-

CWE-16

Medium

ASP.NET ViewState Weak Validation Key

-

CWE-321

Critical

ASP.NET ViewStateUserKey Is Not Set

-

CWE-642

Low

ASP.NET WCF metadata enabled for behavior

-

CWE-16

Medium

ASP.NET WCF replay attacks are not detected

-

CWE-16

Medium

ASP.NET WCF service include exception details

-

CWE-16

Medium

ASP.NET: Failure To Require SSL For Authentication Cookies

-

CWE-319

Medium

Atlassian Confluence Access Restriction Bypass

CVE-2017-9505

-

Medium

Atlassian Confluence Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-6342)

CVE-2012-6342

CWE-352

Medium

Atlassian Confluence CVE-2020-29448 Vulnerability (CVE-2020-29448)

CVE-2020-29448

-

Medium

Atlassian Confluence CVE-2023-22503 Vulnerability (CVE-2023-22503)

CVE-2023-22503

-

Medium

Atlassian Confluence CVE-2023-22505 Vulnerability (CVE-2023-22505)

CVE-2023-22505

-

High

Atlassian Confluence CVE-2023-22508 Vulnerability (CVE-2023-22508)

CVE-2023-22508

-

High

Atlassian Confluence CVE-2023-22512 Vulnerability (CVE-2023-22512)

CVE-2023-22512

-

High

Atlassian Confluence CVE-2023-22515 Vulnerability (CVE-2023-22515)

CVE-2023-22515

-

Critical

Atlassian Confluence CVE-2024-21683 Vulnerability (CVE-2024-21683)

CVE-2024-21683

-

High

Atlassian Confluence Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-8399)

CVE-2015-8399

CWE-200

Medium

Atlassian Confluence Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-6668)

CVE-2016-6668

CWE-200

High

Atlassian Confluence Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-7415)

CVE-2017-7415

CWE-200

High

Atlassian Confluence Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-20237)

CVE-2018-20237

CWE-200

Medium

Atlassian Confluence Improper Control of Dynamically-Managed Code Resources Vulnerability (CVE-2019-15006)

CVE-2019-15006

CWE-913

Medium

Atlassian Confluence Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-22526)

CVE-2023-22526

CWE-94

High

Atlassian Confluence Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-21672)

CVE-2024-21672

CWE-94

High

Atlassian Confluence Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-21673)

CVE-2024-21673

CWE-94

High

Atlassian Confluence Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-21674)

CVE-2024-21674

CWE-94

High

Atlassian Confluence Improper Input Validation Vulnerability (CVE-2018-13389)

CVE-2018-13389

CWE-20

Medium

Atlassian Confluence Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-3394)

CVE-2019-3394

CWE-22

High

Atlassian Confluence Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-3396)

CVE-2019-3396

CWE-22

Critical

Atlassian Confluence Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-3398)

CVE-2019-3398

CWE-22

High

Atlassian Confluence Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2024-21677)

CVE-2024-21677

CWE-22

High

Atlassian Confluence Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-8398)

CVE-2015-8398

CWE-707

Medium

Atlassian Confluence Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-4317)

CVE-2016-4317

CWE-707

Medium

Atlassian Confluence Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-6283)

CVE-2016-6283

CWE-707

Medium

Atlassian Confluence Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-16856)

CVE-2017-16856

CWE-707

Medium

Atlassian Confluence Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-18083)

CVE-2017-18083

CWE-707

Medium

Atlassian Confluence Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-18084)

CVE-2017-18084

CWE-707

Medium

Atlassian Confluence Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-18085)

CVE-2017-18085

CWE-707

Medium

Atlassian Confluence Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-18086)

CVE-2017-18086

CWE-707

Medium

Atlassian Confluence Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-20239)

CVE-2018-20239

CWE-707

Medium

Atlassian Confluence Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-20102)

CVE-2019-20102

CWE-707

Medium

Atlassian Confluence Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-14175)

CVE-2020-14175

CWE-707

Medium

Atlassian Confluence Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-29444)

CVE-2020-29444

CWE-707

Medium

Atlassian Confluence Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-36290)

CVE-2020-36290

CWE-707

Medium

Atlassian Confluence Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-21678)

CVE-2024-21678

CWE-707

High

Atlassian Confluence Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-21686)

CVE-2024-21686

CWE-707

High

Atlassian Confluence Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-21690)

CVE-2024-21690

CWE-707

High

Atlassian Confluence Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2020-4027)

CVE-2020-4027

CWE-138

Medium

Atlassian Confluence Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2021-26084)

CVE-2021-26084

CWE-138

Critical

Atlassian Confluence Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2021-39114)

CVE-2021-39114

CWE-138

High

Atlassian Confluence Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-22522)

CVE-2023-22522

CWE-138

High

Atlassian Confluence Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-22527)

CVE-2023-22527

CWE-138

Critical

Atlassian Confluence Incorrect Authorization Vulnerability (CVE-2023-22518)

CVE-2023-22518

CWE-863

Critical

Atlassian Confluence Incorrect Behavior Order: Validate Before Canonicalize Vulnerability (CVE-2022-26136)

CVE-2022-26136

CWE-180

Critical

Atlassian Confluence Incorrect Behavior Order: Validate Before Canonicalize Vulnerability (CVE-2022-26137)

CVE-2022-26137

CWE-180

Critical

Atlassian Confluence Incorrect Default Permissions Vulnerability (CVE-2017-9505)

CVE-2017-9505

CWE-276

Medium

Atlassian Confluence Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2024-21703)

CVE-2024-21703

CWE-732

Medium

Atlassian Confluence information disclosure

CVE-2017-7415

-

High

Atlassian Confluence Missing Authorization Vulnerability (CVE-2019-15005)

CVE-2019-15005

CWE-862

Medium

Atlassian Confluence Missing Authorization Vulnerability (CVE-2021-26085)

CVE-2021-26085

CWE-862

Medium

Atlassian Confluence Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-2928)

CVE-2012-2928

CWE-264

Medium

Atlassian Confluence Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-3395)

CVE-2019-3395

CWE-918

Critical

Atlassian Confluence Server-Side Request Forgery (SSRF) Vulnerability (CVE-2020-29445)

CVE-2020-29445

CWE-918

Medium

Atlassian Confluence Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-26072)

CVE-2021-26072

CWE-918

Medium

Atlassian Confluence Stored Cross Site Scripting

CVE-2016-6283

-

Medium

Atlassian Confluence Unauthenticated Remote Code Execution Vulnerability (CVE-2022-26134)

CVE-2022-26134

-

Critical

Atlassian Confluence Uncontrolled Search Path Element Vulnerability (CVE-2019-20406)

CVE-2019-20406

CWE-427

High

Atlassian Confluence Uncontrolled Search Path Element Vulnerability (CVE-2021-43940)

CVE-2021-43940

CWE-427

High

Atlassian Confluence Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-29450)

CVE-2020-29450

CWE-434

Medium

Atlassian Confluence Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-22504)

CVE-2023-22504

CWE-434

Medium

Atlassian Crowd Remote Code Execution

CVE-2019-11580

CWE-78

High

Atlassian Jira Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2020-14174)

CVE-2020-14174

CWE-639

Medium

Atlassian Jira Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2020-36231)

CVE-2020-36231

CWE-639

Medium

Atlassian Jira Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2021-41305)

CVE-2021-41305

CWE-639

High

Atlassian Jira Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2021-41306)

CVE-2021-41306

CWE-639

High

Atlassian Jira Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2021-41307)

CVE-2021-41307

CWE-639

High

«
1
...
11
12
13
...
313
»