Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.4.2314

Web Application Vulnerabilities

This page lists 24342 vulnerabilities in 62 categories.

Critical: 1593 High: 13071 Medium: 8734 Low: 875 Information: 69
Vulnerability Name
CVE
CWE
Severity
Rukovoditel Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-43164)
CVE-2022-43164
CWE-707
Medium
Rukovoditel Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-43165)
CVE-2022-43165
CWE-707
Medium
Rukovoditel Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-43166)
CVE-2022-43166
CWE-707
Medium
Rukovoditel Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-43167)
CVE-2022-43167
CWE-707
Medium
Rukovoditel Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-43169)
CVE-2022-43169
CWE-707
Medium
Rukovoditel Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-43170)
CVE-2022-43170
CWE-707
Medium
Rukovoditel Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-43185)
CVE-2022-43185
CWE-707
Medium
Rukovoditel Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-44944)
CVE-2022-44944
CWE-707
Medium
Rukovoditel Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-44946)
CVE-2022-44946
CWE-707
Medium
Rukovoditel Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-44947)
CVE-2022-44947
CWE-707
Medium
Rukovoditel Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-44948)
CVE-2022-44948
CWE-707
Medium
Rukovoditel Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-44949)
CVE-2022-44949
CWE-707
Medium
Rukovoditel Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-44950)
CVE-2022-44950
CWE-707
Medium
Rukovoditel Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-44951)
CVE-2022-44951
CWE-707
Medium
Rukovoditel Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-44952)
CVE-2022-44952
CWE-707
Medium
Rukovoditel Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-45020)
CVE-2022-45020
CWE-707
High
Rukovoditel Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-53897)
CVE-2023-53897
CWE-707
Medium
Rukovoditel Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-53898)
CVE-2023-53898
CWE-707
Medium
Rukovoditel Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-34468)
CVE-2024-34468
CWE-707
Medium
Rukovoditel Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-34469)
CVE-2024-34469
CWE-707
High
Rukovoditel Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerability (CVE-2022-48175)
CVE-2022-48175
CWE-138
Critical
Rukovoditel Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-11812)
CVE-2020-11812
CWE-138
Critical
Rukovoditel Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-11816)
CVE-2020-11816
CWE-138
Critical
Rukovoditel Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-11820)
CVE-2020-11820
CWE-138
Critical
Rukovoditel Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-13587)
CVE-2020-13587
CWE-138
High
Rukovoditel Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-13588)
CVE-2020-13588
CWE-138
High
Rukovoditel Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-13589)
CVE-2020-13589
CWE-138
High
Rukovoditel Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-13590)
CVE-2020-13590
CWE-138
High
Rukovoditel Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-13591)
CVE-2020-13591
CWE-138
High
Rukovoditel Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-13592)
CVE-2020-13592
CWE-138
High
Rukovoditel Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2022-43168)
CVE-2022-43168
CWE-138
Critical
Rukovoditel Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2022-43288)
CVE-2022-43288
CWE-138
High
Rukovoditel Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2022-44945)
CVE-2022-44945
CWE-138
Critical
Rukovoditel Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-20166)
CVE-2018-20166
CWE-434
High
Rukovoditel Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-11815)
CVE-2020-11815
CWE-434
Critical
Rukovoditel Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-11817)
CVE-2020-11817
CWE-434
Critical
Same origin method execution (SOME)
-
CWE-20
Medium
Same site scripting
-
CWE-350
Medium
SAML Consumer Service External Dereference SSRF
-
CWE-918
Medium
SAML Consumer Service XML entity injection (XXE)
-
CWE-611
High
SAML Consumer Service XSLT injection
-
CWE-91
High
SAML Consumer Service XSS vulnerability
-
CWE-80
High
SAML Response without signature
-
CWE-347
High
SAML Respose signature exclusion
-
CWE-347
High
Sangfor NGAF Authentication Bypass
-
CWE-287
High
SAP B2B/B2C CRM Local File Inclusion
-
CWE-22
High
SAP BO BIP SSRF (CVE-2020-6308)
CVE-2020-6308
CWE-918
Medium
SAP BO BIP XXE (CVE-2022-28213)
CVE-2022-28213
CWE-112
High
SAP Hybris Deserialization RCE
CVE-2019-0344
CWE-502
High
SAP ICF /sap/public/info sensitive information disclosure
-
CWE-200
Medium
SAP ICF URL redirection Vulnerability
-
CWE-601
Medium
SAP IGS XXE (CVE-2018-2392, CVE-2018-2393)
CVE-2018-2393
CWE-611
High
SAP Knowledge Management and Collaboration (KMC) incorrect permissions
-
CWE-285
High
SAP Management Console get user list
-
CWE-200
High
SAP Management Console list logfiles
-
CWE-200
High
SAP NetWeaver ConfigServlet remote command execution
-
CWE-94
High
SAP NetWeaver ipcpricing server side request forgery
-
CWE-918
High
SAP NetWeaver Java AS WD_CHAT information disclosure vulnerability
-
CWE-200
Medium
SAP NetWeaver RECON CVE-2020-6287
CVE-2020-6287
CWE-287
High
SAP NetWeaver server info information disclosure
-
CWE-200
Medium
SAP NetWeaver server info information disclosure BCB
-
CWE-200
Medium
SAP NetWeaver Visual Composer Unrestricted File Uploading (CVE-2025-31324)
CVE-2025-31324
CWE-434
Critical
SAP NW DI SSRF vulnerability (CVE-2021-33690)
CVE-2021-33690
CWE-918
High
SAP NW KW XSS vulnerability (CVE-2021-42063)
CVE-2021-42063
CWE-79
Medium
SAP Portal directory traversal vulnerability
-
CWE-22
High
SAP weak/predictable user credentials
-
CWE-200
High
Scheme URI Detected in Content Security Policy (CSP) Directive
-
CWE-942
Information
ScreenConnect Auth bypass (CVE-2024-1709)
CVE-2024-1708
CWE-288
Critical
SearchBlox Local File Inclusion (CVE-2020-35580)
CVE-2020-35580
CWE-22
High
Securepoint UTM (CVE-2023-22620, CVE-2023-22897)
CVE-2023-22897
CWE-863
High
Security update: Hotfix available for ColdFusion
CVE-2013-0632
CWE-287
High
Security vulnerability in MySQL/MariaDB sql/password.c
CVE-2012-2122
CWE-287
High
Select2 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-10744)
CVE-2016-10744
CWE-707
Medium
Sensitive Data Exposure
-
CWE-200
Medium
Sensitive pages could be cached
-
CWE-200
Low