Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.3.2229

Web Application Vulnerabilities

This page lists 24119 vulnerabilities in 70 categories.

Critical: 1560 High: 12984 Medium: 8644 Low: 865 Information: 66
Vulnerability Name
CVE
CWE
Severity
concrete5 Improper Input Validation Vulnerability (CVE-2017-18195)
CVE-2017-18195
CWE-20
Medium
concrete5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-5181)
CVE-2012-5181
CWE-707
Medium
concrete5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-5108)
CVE-2014-5108
CWE-707
Medium
concrete5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-9526)
CVE-2014-9526
CWE-707
Medium
concrete5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-2250)
CVE-2015-2250
CWE-707
Medium
concrete5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-3989)
CVE-2015-3989
CWE-707
Medium
concrete5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-4721)
CVE-2015-4721
CWE-707
Medium
concrete5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-6905)
CVE-2017-6905
CWE-707
Medium
concrete5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-6908)
CVE-2017-6908
CWE-707
Medium
concrete5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-7725)
CVE-2017-7725
CWE-707
Medium
concrete5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-19146)
CVE-2018-19146
CWE-707
Medium
concrete5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-3111)
CVE-2021-3111
CWE-707
Low
concrete5 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2015-4724)
CVE-2015-4724
CWE-138
High
concrete5 Server-Side Request Forgery (SSRF) Vulnerability (CVE-2018-13790)
CVE-2018-13790
CWE-918
High
concrete5 Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-22958)
CVE-2021-22958
CWE-918
Critical
concrete5 Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-11476)
CVE-2020-11476
CWE-434
High
concrete5 Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-24986)
CVE-2020-24986
CWE-434
High
Configuration file disclosure
-
CWE-538
High
Configuration file source code disclosure
-
CWE-538
High
Confluence Widget Connector SSTI
CVE-2019-3396
CWE-22
High
Consul API publicly exposed
-
CWE-200
High
Contao Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-1297)
CVE-2012-1297
CWE-352
Medium
Contao Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-10642)
CVE-2019-10642
CWE-352
High
Contao CVE-2018-20028 Vulnerability (CVE-2018-20028)
CVE-2018-20028
-
Medium
Contao CVE-2024-28234 Vulnerability (CVE-2024-28234)
CVE-2024-28234
-
Medium
Contao CVE-2024-28235 Vulnerability (CVE-2024-28235)
CVE-2024-28235
-
Medium
Contao Deserialization of Untrusted Data Vulnerability (CVE-2014-1860)
CVE-2014-1860
CWE-502
Critical
Contao Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2025-57756)
CVE-2025-57756
CWE-200
Medium
Contao Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2025-57757)
CVE-2025-57757
CWE-200
Medium
Contao Improper Access Control Vulnerability (CVE-2025-57758)
CVE-2025-57758
CWE-284
Medium
Contao Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2021-37626)
CVE-2021-37626
CWE-94
High
Contao Improper Encoding or Escaping of Output Vulnerability (CVE-2019-19714)
CVE-2019-19714
CWE-116
Medium
Contao Improper Input Validation Vulnerability (CVE-2020-25768)
CVE-2020-25768
CWE-20
Medium
Contao Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2015-0269)
CVE-2015-0269
CWE-22
Medium
Contao Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2017-10993)
CVE-2017-10993
CWE-22
High
Contao Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2023-29200)
CVE-2023-29200
CWE-22
Medium
Contao Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2024-45604)
CVE-2024-45604
CWE-22
Medium
Contao Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-0508)
CVE-2011-0508
CWE-707
Medium
Contao Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-4335)
CVE-2011-4335
CWE-707
Medium
Contao Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-10125)
CVE-2018-10125
CWE-707
Medium
Contao Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-5478)
CVE-2018-5478
CWE-707
Medium
Contao Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-35210)
CVE-2021-35210
CWE-707
Medium
Contao Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-35955)
CVE-2021-35955
CWE-707
Medium
Contao Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-24899)
CVE-2022-24899
CWE-707
Medium
Contao Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-36806)
CVE-2023-36806
CWE-707
Medium
Contao Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-28190)
CVE-2024-28190
CWE-707
Medium
Contao Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-45965)
CVE-2024-45965
CWE-707
Medium
Contao Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-29790)
CVE-2025-29790
CWE-707
Medium
Contao Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-65961)
CVE-2025-65961
CWE-707
Medium
Contao Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2024-28191)
CVE-2024-28191
CWE-138
Medium
Contao Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2024-45612)
CVE-2024-45612
CWE-138
Medium
Contao Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-4383)
CVE-2012-4383
CWE-138
High
Contao Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-16558)
CVE-2017-16558
CWE-138
Critical
Contao Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-11512)
CVE-2019-11512
CWE-138
Critical
Contao Improper Privilege Management Vulnerability (CVE-2021-37627)
CVE-2021-37627
CWE-269
High
Contao Improper Privilege Management Vulnerability (CVE-2025-57759)
CVE-2025-57759
CWE-269
Medium
Contao Incorrect Default Permissions Vulnerability (CVE-2019-19712)
CVE-2019-19712
CWE-276
Medium
Contao Insufficient Session Expiration Vulnerability (CVE-2024-30262)
CVE-2024-30262
CWE-613
High
Contao Insufficient Type Distinction Vulnerability (CVE-2025-65960)
CVE-2025-65960
CWE-351
Medium
Contao Key Management Errors Vulnerability (CVE-2019-10643)
CVE-2019-10643
-
Critical
Contao Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-19745)
CVE-2019-19745
CWE-434
High
Contao Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2024-45398)
CVE-2024-45398
CWE-434
High
Contao Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2019-10641)
CVE-2019-10641
CWE-640
Critical
Content Security Policy (CSP) Contains Out of Scope report-uri Domain
-
CWE-16
Information
Content Security Policy (CSP) Keywords Not Used Within Single Quotes
-
CWE-16
Information
Content Security Policy (CSP) Nonce Value Not Used Within Single Quotes
-
CWE-16
Information
Content Security Policy (CSP) Nonce Without Matching Script Block
-
CWE-16
Information
Content Security Policy (CSP) Not Implemented
-
CWE-16
Information
Content Security Policy (CSP) report-uri Uses HTTP
-
CWE-16
Information
Content Security Policy Misconfiguration
-
CWE-16
Information
Content-Security-Policy-Report-Only Cannot Be Declared Between META Tags
-
CWE-16
Information
Content-Security-Policy-Report-Only Cannot Be Declared Without report-uri Directive
-
CWE-16
Information
Cookie signed with weak secret key
-
CWE-693
Medium
Cookies Not Marked as HttpOnly
-
CWE-1004
Low
Cookies Not Marked as Secure
-
CWE-614
Low