Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.4.2314

Web Application Vulnerabilities

This page lists 24254 vulnerabilities in 62 categories.

Critical: 1581 High: 13032 Medium: 8704 Low: 868 Information: 69
Vulnerability Name
CVE
CWE
Severity
ZenCart Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-1413)
CVE-2012-1413
CWE-707
Low
ZenCart Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-0882)
CVE-2015-0882
CWE-707
Medium
ZenCart Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-6578)
CVE-2020-6578
CWE-707
Medium
ZenCart Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2021-3291)
CVE-2021-3291
CWE-138
High
ZenCart Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2005-3996)
CVE-2005-3996
CWE-138
Medium
ZenCart Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2008-6985)
CVE-2008-6985
CWE-138
Medium
ZenCart Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2008-6986)
CVE-2008-6986
CWE-138
Medium
ZenCart Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2009-2254)
CVE-2009-2254
CWE-138
High
ZenCart Inclusion of Functionality from Untrusted Control Sphere Vulnerability (CVE-2024-5762)
CVE-2024-5762
CWE-829
High
ZenCart Other Vulnerability (CVE-2009-4323)
CVE-2009-4323
-
High
ZenCart Permissions, Privileges, and Access Controls Vulnerability (CVE-2006-0697)
CVE-2006-0697
CWE-264
Critical
Zend framework configuration file information disclosure
-
CWE-538
High
Zend Framework local file disclosure via XXE injection
CVE-2015-5161
CWE-611
High
Zenphoto Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-5595)
CVE-2015-5595
CWE-352
Medium
Zenphoto Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2012-0993)
CVE-2012-0993
CWE-94
Medium
Zenphoto Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-6925)
CVE-2008-6925
CWE-707
Medium
Zenphoto Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2009-4562)
CVE-2009-4562
CWE-707
Medium
Zenphoto Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2009-4563)
CVE-2009-4563
CWE-707
Medium
Zenphoto Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-4907)
CVE-2010-4907
CWE-707
Medium
Zenphoto Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-0995)
CVE-2012-0995
CWE-707
Medium
Zenphoto Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-2641)
CVE-2012-2641
CWE-707
Medium
Zenphoto Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-4519)
CVE-2012-4519
CWE-707
Medium
Zenphoto Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-7241)
CVE-2013-7241
CWE-707
Medium
Zenphoto Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-2948)
CVE-2015-2948
CWE-707
Medium
Zenphoto Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-2949)
CVE-2015-2949
CWE-707
Medium
Zenphoto Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-5592)
CVE-2015-5592
CWE-707
Medium
Zenphoto Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-5593)
CVE-2015-5593
CWE-707
Medium
Zenphoto Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-5594)
CVE-2015-5594
CWE-707
Medium
Zenphoto Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-20140)
CVE-2018-20140
CWE-707
Medium
Zenphoto Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-5592)
CVE-2020-5592
CWE-707
Medium
Zenphoto Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-44449)
CVE-2022-44449
CWE-707
Medium
Zenphoto Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-53915)
CVE-2023-53915
CWE-707
Medium
Zenphoto Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-53916)
CVE-2023-53916
CWE-707
Medium
Zenphoto Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2020-5593)
CVE-2020-5593
CWE-138
High
Zenphoto Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2007-6666)
CVE-2007-6666
CWE-138
High
Zenphoto Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2009-4564)
CVE-2009-4564
CWE-138
Medium
Zenphoto Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2009-4566)
CVE-2009-4566
CWE-138
High
Zenphoto Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2010-4906)
CVE-2010-4906
CWE-138
High
Zenphoto Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-0994)
CVE-2012-0994
CWE-138
Medium
Zenphoto Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2013-7242)
CVE-2013-7242
CWE-138
Medium
Zenphoto Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2015-5591)
CVE-2015-5591
CWE-138
High
Zenphoto Improper Privilege Management Vulnerability (CVE-2018-0610)
CVE-2018-0610
CWE-269
High
Zenphoto Other Vulnerability (CVE-2006-2186)
CVE-2006-2186
-
Medium
Zenphoto Other Vulnerability (CVE-2006-2187)
CVE-2006-2187
-
Medium
Zenphoto Other Vulnerability (CVE-2007-0616)
CVE-2007-0616
-
High
Zenphoto Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-36079)
CVE-2020-36079
CWE-434
High
Zikula Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2010-4729)
CVE-2010-4729
CWE-352
Medium
Zikula Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2011-0535)
CVE-2011-0535
CWE-352
Medium
Zikula Cryptographic Issues Vulnerability (CVE-2010-4728)
CVE-2010-4728
-
Medium
Zikula Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2014-2293)
CVE-2014-2293
CWE-94
Critical
Zikula Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-1724)
CVE-2010-1724
CWE-707
Medium
Zikula Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-0911)
CVE-2011-0911
CWE-707
Medium
Zikula Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-3352)
CVE-2011-3352
CWE-707
Medium
Zikula Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-3979)
CVE-2011-3979
CWE-707
Medium
Zikula Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-6168)
CVE-2013-6168
CWE-707
Medium
Zikula Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerability (CVE-2016-9835)
CVE-2016-9835
CWE-138
Critical
Zimbra Collaboration LFI (CVE-2025-68645)
CVE-2025-68645
CWE-22
High
Zimbra Collaboration Suite SSRF (CVE-2020-7796)
CVE-2020-7796
CWE-918
High
Zimbra Collaboration XSS (CVE-2022-27926)
CVE-2022-27926
CWE-79
Medium
ZK Framework AuUploader Information Disclosure (CVE-2022-36537)
CVE-2022-36537
CWE-200
High
Zope Web Application Server Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2012-5507)
CVE-2012-5507
CWE-362
Medium
Zope Web Application Server Cryptographic Issues Vulnerability (CVE-2012-6661)
CVE-2012-6661
-
Medium
Zope Web Application Server CVE-2011-2528 Vulnerability (CVE-2011-2528)
CVE-2011-2528
-
High
Zope Web Application Server CVE-2011-3587 Vulnerability (CVE-2011-3587)
CVE-2011-3587
-
Critical
Zope Web Application Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2023-41050)
CVE-2023-41050
CWE-200
High
Zope Web Application Server Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-32633)
CVE-2021-32633
CWE-22
High
Zope Web Application Server Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-32674)
CVE-2021-32674
CWE-22
High
Zope Web Application Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2009-5145)
CVE-2009-5145
CWE-707
Medium
Zope Web Application Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-1104)
CVE-2010-1104
CWE-707
Medium
Zope Web Application Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-4924)
CVE-2011-4924
CWE-707
Medium
Zope Web Application Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-42458)
CVE-2023-42458
CWE-707
Medium
Zope Web Application Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-44389)
CVE-2023-44389
CWE-707
Medium
Zope Web Application Server Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) (CVE-2021-33507)
CVE-2021-33507
CWE-707
Medium
Zope Web Application Server Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability (CVE-2021-32811)
CVE-2021-32811
CWE-915
High
Zope Web Application Server Other Vulnerability (CVE-2000-0062)
CVE-2000-0062
-
Critical