Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium

Web Application Vulnerabilities

This page lists 23441 vulnerabilities in 68 categories.

Critical: 1499 High: 12791 Medium: 8230 Low: 857 Information: 64
Vulnerability Name
CVE
CWE
Severity
Joomla! Core Security Bypass
CVE-2017-11364
CWE-264
High
Joomla! Core Security Bypass (1.5.0 - 3.8.12)
CVE-2018-17855
CWE-264
High
Joomla! Core Security Bypass (1.6.0 - 3.6.0)
-
CWE-264
High
Joomla! Core Security Bypass (1.6.0 - 3.6.5)
CVE-2017-7988
CWE-264
High
Joomla! Core Security Bypass (1.6.0 - 3.9.24)
CVE-2021-26029
CWE-264
High
Joomla! Core Security Bypass (1.6.2 - 3.9.10)
CVE-2019-15028
CWE-264
High
Joomla! Core Security Bypass (1.7.0 - 3.9.22)
CVE-2020-35616
CWE-264
High
Joomla! Core Security Bypass (2.5.0 - 3.8.7)
CVE-2018-11323
CWE-264
High
Joomla! Core Security Bypass (2.5.0 - 3.9.15)
CVE-2020-10238
CWE-264
High
Joomla! Core Security Bypass (2.5.0 - 3.9.16)
CVE-2020-11890
CWE-264
High
Joomla! Core Security Bypass (2.5.0 - 3.9.18)
CVE-2020-13763
CWE-264
High
Joomla! Core Security Bypass (2.5.0 - 3.9.19)
CVE-2020-15699
CWE-264
High
Joomla! Core Security Bypass (2.5.0 - 3.9.27)
CVE-2021-26038
CWE-284
High
Joomla! Core SQL Injection (1.7.0 - 3.9.15)
CVE-2020-10243
CWE-89
High
Joomla! JCE arbitrary file upload
-
CWE-20
High
Joomla! JomSocial remote code execution
-
CWE-94
High
Joomla! remote code execution vulnerability
CVE-2015-8562
CWE-94
High
Joomla! SQL injection vulnerability
CVE-2015-7858
CWE-89
High
Joomla! v3.2.2 SQL injection
-
CWE-89
High
jPlayer Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-1942)
CVE-2013-1942
CWE-707
Medium
jPlayer Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-2022)
CVE-2013-2022
CWE-707
Medium
jPlayer Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-2023)
CVE-2013-2023
CWE-707
Medium
jQuery File Upload unauthenticated arbitrary file upload
CVE-2018-9206
CWE-434
High
jQuery Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-4969)
CVE-2011-4969
CWE-707
Medium
jQuery Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-6708)
CVE-2012-6708
CWE-707
Medium
jQuery Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-6071)
CVE-2014-6071
CWE-707
Medium
jQuery Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-9251)
CVE-2015-9251
CWE-707
Medium
jQuery Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-18405)
CVE-2018-18405
CWE-707
Medium
jQuery Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-11022)
CVE-2020-11022
CWE-707
Medium
jQuery Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-11023)
CVE-2020-11023
CWE-707
Medium
jQuery Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-23064)
CVE-2020-23064
CWE-707
Medium
jQuery Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-7656)
CVE-2020-7656
CWE-707
Medium
jQuery Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Vulnerability (CVE-2019-11358)
CVE-2019-11358
CWE-1321
Medium
jQuery PrettyPhoto Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-9478)
CVE-2015-9478
CWE-707
Medium
jQuery UI Autocomplete Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-5312)
CVE-2010-5312
CWE-707
Medium
jQuery UI Autocomplete Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41182)
CVE-2021-41182
CWE-707
Medium
jQuery UI Autocomplete Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41183)
CVE-2021-41183
CWE-707
Medium
jQuery UI Autocomplete Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41184)
CVE-2021-41184
CWE-707
Medium
jQuery UI Autocomplete Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-31160)
CVE-2022-31160
CWE-707
Medium
JQuery UI Cross-site Scripting (XSS) Vulnerability (CVE-2016-7103)
CVE-2016-7103
-
Medium
jQuery UI Dialog Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-5312)
CVE-2010-5312
CWE-707
Medium
jQuery UI Dialog Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41182)
CVE-2021-41182
CWE-707
Medium
jQuery UI Dialog Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41183)
CVE-2021-41183
CWE-707
Medium
jQuery UI Dialog Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41184)
CVE-2021-41184
CWE-707
Medium
jQuery UI Dialog Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-31160)
CVE-2022-31160
CWE-707
Medium
jQuery UI Tooltip Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-5312)
CVE-2010-5312
CWE-707
Medium
jQuery UI Tooltip Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41182)
CVE-2021-41182
CWE-707
Medium
jQuery UI Tooltip Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41183)
CVE-2021-41183
CWE-707
Medium
jQuery UI Tooltip Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41184)
CVE-2021-41184
CWE-707
Medium
jQuery UI Tooltip Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-31160)
CVE-2022-31160
CWE-707
Medium
jQuery Validation Other Vulnerability (CVE-2021-43306)
CVE-2021-43306
-
High
jQuery Validation Other Vulnerability (CVE-2022-31147)
CVE-2022-31147
-
High
jQuery Validation Uncontrolled Resource Consumption Vulnerability (CVE-2021-21252)
CVE-2021-21252
CWE-400
High
JSF ViewState client side storage
-
CWE-693
Medium
JSONP enabled by default in MappingJackson2JsonView
CVE-2018-11040
CWE-538
Medium
JSP authentication bypass
-
CWE-287
High
jszip CVE-2021-23413 Vulnerability (CVE-2021-23413)
CVE-2021-23413
-
Medium
jszip Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2022-48285)
CVE-2022-48285
CWE-22
High
Juniper Junos OS J-Web RCE (CVE-2023-36845/CVE-2023-36846)
CVE-2023-36846
CWE-473
Critical
Jupyter Notebook publicly accessible
-
CWE-78
High
JVM version leakage
-
CWE-200
Information
JWT Signature Bypass via kid Path Traversal
-
CWE-287
High
JWT Signature Bypass via kid SQL injection
-
CWE-287
High
JWT Signature Bypass via None Algorithm
-
CWE-345
High
JWT Signature Bypass via unvalidated jku parameter
-
CWE-287
High
JWT Signature Bypass via unvalidated jwk parameter
-
CWE-287
High
JWT Signature Bypass via unvalidated x5c parameter
-
CWE-287
High
JWT Signature Bypass via unvalidated x5u parameter
-
CWE-287
High
JWT Signature is not Verified
-
CWE-287
High
Kayako Fusion v4.51.1891 - multiple web vulnerabilities
-
CWE-79
High
Kentico CMS Deserialization RCE
CVE-2019-10068
CWE-502
High
Kentico CMS RCE CVE-2017-17736
CVE-2017-17736
CWE-425
High
Kentico Staging API Authentication Bypass
-
CWE-287
Critical
Kentico Staging API publicly accessible
-
CWE-200
Low
Keycloak clients-registrations XSS (CVE-2021-20323)
CVE-2021-20323
CWE-79
Medium