Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium

Medium Severity Vulnerabilities

Found 8230 vulnerabilities at Medium severity.

Vulnerability Name
CVE
CWE
Severity
MyBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-46251)
CVE-2023-46251
CWE-707
Medium
XWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-46732)
CVE-2023-46732
CWE-707
Medium
EspoCRM Server-Side Request Forgery (SSRF) Vulnerability (CVE-2023-46736)
CVE-2023-46736
CWE-918
Medium
Squid Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Vulnerability (CVE-2023-46846)
CVE-2023-46846
-
Medium
Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-46858)
CVE-2023-46858
CWE-707
Medium
osTicket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-46967)
CVE-2023-46967
CWE-707
Medium
TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-47125)
CVE-2023-47125
CWE-707
Medium
TYPO3 CVE-2023-47126 Vulnerability (CVE-2023-47126)
CVE-2023-47126
-
Medium
TYPO3 Improper Authentication Vulnerability (CVE-2023-47127)
CVE-2023-47127
CWE-287
Medium
Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-47272)
CVE-2023-47272
CWE-707
Medium
CubeCart Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2023-47283)
CVE-2023-47283
CWE-22
Medium
Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-47795)
CVE-2023-47795
CWE-707
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-47795)
CVE-2023-47795
CWE-707
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-47797)
CVE-2023-47797
CWE-707
Medium
Liferay DXP Session Fixation Vulnerability (CVE-2023-47798)
CVE-2023-47798
CWE-384
Medium
Liferay Portal Session Fixation Vulnerability (CVE-2023-47798)
CVE-2023-47798
CWE-384
Medium
TinyMCE Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-48219)
CVE-2023-48219
CWE-707
Medium
CrushFTP Server Improper Validation of Integrity Check Value Vulnerability (CVE-2023-48795)
CVE-2023-48795
CWE-354
Medium
Jboss EAP Improper Validation of Integrity Check Value Vulnerability (CVE-2023-48795)
CVE-2023-48795
CWE-354
Medium
YetiForce CRM Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2023-49508)
CVE-2023-49508
CWE-22
Medium
phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-4007)
CVE-2023-4007
CWE-707
Medium
Jboss EAP CVE-2023-4061 Vulnerability (CVE-2023-4061)
CVE-2023-4061
-
Medium
Dolibarr Missing Authorization Vulnerability (CVE-2023-4198)
CVE-2023-4198
CWE-862
Medium
Chamilo Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-4220)
CVE-2023-4220
CWE-434
Medium
Caddy Web Server Authentication Bypass by Spoofing Vulnerability (CVE-2023-50463)
CVE-2023-50463
CWE-290
Medium
XWiki CVE-2023-50720 Vulnerability (CVE-2023-50720)
CVE-2023-50720
-
Medium
XWiki Incorrect Authorization Vulnerability (CVE-2023-50732)
CVE-2023-50732
CWE-863
Medium
GeoServer Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-51445)
CVE-2023-51445
CWE-707
Medium
MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-51704)
CVE-2023-51704
CWE-707
Medium
Piwigo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-51790)
CVE-2023-51790
CWE-707
Medium
osCommerce Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-5111)
CVE-2023-5111
CWE-707
Medium
osCommerce Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-5112)
CVE-2023-5112
CWE-707
Medium
Liferay DXP URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2023-5190)
CVE-2023-5190
CWE-601
Medium
Liferay Portal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2023-5190)
CVE-2023-5190
CWE-601
Medium
phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-5316)
CVE-2023-5316
CWE-707
Medium
phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-5317)
CVE-2023-5317
CWE-707
Medium
phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-5319)
CVE-2023-5319
CWE-707
Medium
phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-5320)
CVE-2023-5320
CWE-707
Medium
Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-5323)
CVE-2023-5323
CWE-707
Medium
Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-5541)
CVE-2023-5541
CWE-707
Medium
Moodle Exposure of Resource to Wrong Sphere Vulnerability (CVE-2023-5542)
CVE-2023-5542
CWE-668
Medium
Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-5544)
CVE-2023-5544
CWE-707
Medium
Moodle Exposure of Resource to Wrong Sphere Vulnerability (CVE-2023-5545)
CVE-2023-5545
CWE-668
Medium
Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-5546)
CVE-2023-5546
CWE-707
Medium
Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-5547)
CVE-2023-5547
CWE-707
Medium
Moodle Insufficient Verification of Data Authenticity Vulnerability (CVE-2023-5548)
CVE-2023-5548
CWE-345
Medium
Moodle Improper Privilege Management Vulnerability (CVE-2023-5549)
CVE-2023-5549
CWE-269
Medium
WordPress CVE-2023-5561 Vulnerability (CVE-2023-5561)
CVE-2023-5561
-
Medium
Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-5631)
CVE-2023-5631
CWE-707
Medium
OpenSSL Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2023-5678)
CVE-2023-5678
CWE-754
Medium
Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-5842)
CVE-2023-5842
CWE-707
Medium
phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-5863)
CVE-2023-5863
CWE-707
Medium
phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-5864)
CVE-2023-5864
CWE-707
Medium
phpMyFAQ Sensitive Cookie in HTTPS Session Without 'Secure' Attribute Vulnerability (CVE-2023-5866)
CVE-2023-5866
CWE-614
Medium
phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-5867)
CVE-2023-5867
CWE-707
Medium
PostgreSQL CVE-2023-5868 Vulnerability (CVE-2023-5868)
CVE-2023-5868
-
Medium
PostgreSQL CVE-2023-5870 Vulnerability (CVE-2023-5870)
CVE-2023-5870
-
Medium
phpBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-5917)
CVE-2023-5917
CWE-707
Medium
OpenSSL Out-of-bounds Write Vulnerability (CVE-2023-6129)
CVE-2023-6129
CWE-787
Medium
Grafana Incorrect Authorization Vulnerability (CVE-2023-6152)
CVE-2023-6152
CWE-863
Medium
osCommerce Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-6296)
CVE-2023-6296
CWE-707
Medium
Python CVE-2023-6507 Vulnerability (CVE-2023-6507)
CVE-2023-6507
-
Medium
TCExam Missing Authorization Vulnerability (CVE-2023-6554)
CVE-2023-6554
CWE-862
Medium
osCommerce Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-6609)
CVE-2023-6609
CWE-707
Medium
WP Plugin Contact Form 7 Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2023-6630)
CVE-2023-6630
CWE-639
Medium
phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-6889)
CVE-2023-6889
CWE-707
Medium
phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-6890)
CVE-2023-6890
CWE-707
Medium
Sqlite Use After Free Vulnerability (CVE-2024-0232)
CVE-2024-0232
CWE-416
Medium
OpenSSL CVE-2024-0727 Vulnerability (CVE-2024-0727)
CVE-2024-0727
-
Medium
WordPress Ultimate Member Plugin Missing Authorization Vulnerability (CVE-2024-10528)
CVE-2024-10528
CWE-862
Medium
Pega Infinity Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-10716)
CVE-2024-10716
CWE-707
Medium
PostgreSQL CVE-2024-10976 Vulnerability (CVE-2024-10976)
CVE-2024-10976
-
Medium
PostgreSQL CVE-2024-10978 Vulnerability (CVE-2024-10978)
CVE-2024-10978
-
Medium
Drupal Other Vulnerability (CVE-2024-11942)
CVE-2024-11942
-
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-11993)
CVE-2024-11993
CWE-707
Medium