Information Severity Vulnerabilities
Found 64 vulnerabilities at Information severity.
| Vulnerability Name | CVE | CWE | Severity |
| --- | --- | --- | --- |
| Generic Email Address Disclosure | - | CWE-200 | Information |
| (Possible) Cross site scripting | - | CWE-79 | Information |
| WebDAV Enabled | - | CWE-16 | Information |
| Web server default welcome page | - | CWE-200 | Information |
| Cross site scripting (requiring unencoded tag delimiter) | - | CWE-79 | Information |
| .htaccess File Detected | - | CWE-443 | Information |
| Access-Control-Allow-Origin header with wildcard (*) value | - | CWE-284 | Information |
| File Upload Functionality Detected | - | - | Information |
| JVM version leakage | - | CWE-200 | Information |
| Microsoft Frontpage configuration information | - | CWE-200 | Information |
| Outdated JavaScript libraries | - | CWE-937 | Information |
| Web Application Firewall Detected | - | CWE-16 | Information |
| WordPress readme.html file | - | CWE-200 | Information |
| WordPress user registration enabled | - | CWE-16 | Information |
| HTML Injection (requiring unencoded tag delimiter) | - | CWE-80 | Information |
| [Possible] Internal Path Disclosure (*nix) | - | CWE-200 | Information |
| [Possible] Internal Path Disclosure (Windows) | - | CWE-200 | Information |
| [Possible] WS_FTP Log File Detected | - | CWE-538 | Information |
| Error page web server version disclosure | - | CWE-200 | Information |
| Content Security Policy (CSP) Not Implemented | - | CWE-16 | Information |
| Subresource Integrity (SRI) Not Implemented | - | CWE-830 | Information |
| Express express-session weak secret key | - | CWE-693 | Information |
| Reverse Proxy Detected | - | CWE-16 | Information |
| HTTP Strict Transport Security (HSTS) Errors and Warnings | - | CWE-16 | Information |
| Insecure Referrer Policy | - | CWE-16 | Information |
| TLS/SSL (EC)DHE Key Reuse | - | CWE-310 | Information |
| Javascript Source map detected | - | CWE-16 | Information |
| Typo3 Admin publicly accessible | - | CWE-200 | Information |
| Cookies with Secure flag set over insecure connection | - | CWE-16 | Information |
| Content Security Policy Misconfiguration | - | CWE-16 | Information |
| Permissions-Policy header not implemented | - | CWE-1021 | Information |
| Retired hash function in SAML Response | - | CWE-16 | Information |
| Deprecated Header Instruction Used to Implement Content Security Policy (CSP) | - | CWE-16 | Information |
| Incorrect Content Security Policy (CSP) Implementation | - | CWE-16 | Information |
| Invalid Content Security Policy (CSP) Directive Identified in meta Elements | - | CWE-16 | Information |
| Content Security Policy (CSP) Keywords Not Used Within Single Quotes | - | CWE-16 | Information |
| An Unsafe Content Security Policy (CSP) Directive in Use | - | CWE-16 | Information |
| Nonce Usage Detected in Content Security Policy (CSP) Directive | - | CWE-16 | Information |
| Content Security Policy (CSP) Nonce Without Matching Script Block | - | CWE-16 | Information |
| Static Nonce Identified in Content Security Policy (CSP) | - | CWE-16 | Information |
| default-src Used in Content Security Policy (CSP) | - | CWE-16 | Information |
| Content Security Policy (CSP) report-uri Uses HTTP | - | CWE-16 | Information |
| Content Security Policy (CSP) Contains Out of Scope report-uri Domain | - | CWE-16 | Information |
| Wildcard Detected in Scheme Portion of Content Security Policy (CSP) Directive | - | CWE-16 | Information |
| Wildcard Detected in Domain Portion of Content Security Policy (CSP) Directive | - | CWE-16 | Information |
| Wildcard Detected in Port Portion of Content Security Policy (CSP) Directive | - | CWE-16 | Information |
| Unsupported Hash Detected in Content Security Policy (CSP) | - | CWE-16 | Information |
| Weak Nonce Detected in Content Security Policy (CSP) Declaration | - | CWE-16 | Information |
| Multiple Content Security Policy (CSP) Implementation Detected | - | CWE-16 | Information |
| Content Security Policy (CSP) Nonce Value Not Used Within Single Quotes | - | CWE-16 | Information |
| No Script Block Detected with the Hash Value Declared in Content Security Policy (CSP) | - | CWE-16 | Information |
| data: Used in a Content Security Policy (CSP) Directive | - | CWE-16 | Information |
| Missing object-src in CSP Declaration | - | CWE-16 | Information |
| Scheme URI Detected in Content Security Policy (CSP) Directive | - | CWE-16 | Information |
| Insecure Protocol Detected in Content Security Policy (CSP) | - | CWE-16 | Information |
| Content-Security-Policy-Report-Only Cannot Be Declared Without report-uri Directive | - | CWE-16 | Information |
| Content-Security-Policy-Report-Only Cannot Be Declared Between META Tags | - | CWE-16 | Information |
| Magento 2.0-2.3 End of life | - | CWE-1104 | Information |
| LLM Model Detected | - | CWE-200 | Information |
| LLM Response Pattern Detected | - | CWE-200 | Information |
| X-Content-Type-Options (XCTO) Not Implemented | - | - | Information |
| Apple's App-Site Association (AASA) file | - | CWE-200 | Information |
| Oracle JRE CVE-2012-0547 Vulnerability (CVE-2012-0547) | CVE-2012-0547 | - | Information |
| Oracle JRE Other Vulnerability (CVE-2012-5085) | CVE-2012-5085 | - | Information |