Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.4.2314

Medium Severity Vulnerabilities

Found 8734 vulnerabilities at Medium severity.

Vulnerability Name
CVE
CWE
Severity
Piwigo Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-26450)
CVE-2024-26450
CWE-352
Medium
Joomla URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2024-27184)
CVE-2024-27184
CWE-601
Medium
Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-27186)
CVE-2024-27186
CWE-707
Medium
phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-27300)
CVE-2024-27300
CWE-707
Medium
Django Inefficient Regular Expression Complexity Vulnerability (CVE-2024-27351)
CVE-2024-27351
CWE-1333
Medium
Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-27525)
CVE-2024-27525
CWE-707
Medium
Dotclear Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-27626)
CVE-2024-27626
CWE-707
Medium
phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-28106)
CVE-2024-28106
CWE-707
Medium
phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-28108)
CVE-2024-28108
CWE-707
Medium
Contao Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-28190)
CVE-2024-28190
CWE-707
Medium
Contao Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2024-28191)
CVE-2024-28191
CWE-138
Medium
Contao CVE-2024-28234 Vulnerability (CVE-2024-28234)
CVE-2024-28234
-
Medium
Contao CVE-2024-28235 Vulnerability (CVE-2024-28235)
CVE-2024-28235
-
Medium
Moodle Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-28593)
CVE-2024-28593
CWE-94
Medium
Piwigo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-28662)
CVE-2024-28662
CWE-707
Medium
LimeSurvey Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-28709)
CVE-2024-28709
CWE-707
Medium
LimeSurvey Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-28710)
CVE-2024-28710
CWE-707
Medium
IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-28793)
CVE-2024-28793
CWE-707
Medium
Ampache Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-28852)
CVE-2024-28852
CWE-707
Medium
Ampache Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-28853)
CVE-2024-28853
CWE-707
Medium
phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-29179)
CVE-2024-29179
CWE-707
Medium
TinyMCE Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-29203)
CVE-2024-29203
CWE-707
Medium
Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-29374)
CVE-2024-29374
CWE-707
Medium
TinyMCE Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-29881)
CVE-2024-29881
CWE-707
Medium
WordPress Ultimate Member Plugin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-2123)
CVE-2024-2123
CWE-707
Medium
WP Plugin Contact Form 7 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-2242)
CVE-2024-2242
CWE-707
Medium
Artifactory Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-2247)
CVE-2024-2247
CWE-707
Medium
PHP Observable Discrepancy Vulnerability (CVE-2024-2408)
CVE-2024-2408
CWE-203
Medium
WordPress Ultimate Member Plugin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-2765)
CVE-2024-2765
CWE-707
Medium
Chamilo Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-30617)
CVE-2024-30617
CWE-352
Medium
Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-30618)
CVE-2024-30618
CWE-707
Medium
XWikiplatform Use of Password Hash With Insufficient Computational Effort Vulnerability (CVE-2024-31464)
CVE-2024-31464
CWE-916
Medium
XWikiplatform Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-31985)
CVE-2024-31985
CWE-352
Medium
Ruby on Rails Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-32464)
CVE-2024-32464
CWE-707
Medium
Moodle CVE-2024-33996 Vulnerability (CVE-2024-33996)
CVE-2024-33996
-
Medium
Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-33997)
CVE-2024-33997
CWE-707
Medium
Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-33998)
CVE-2024-33998
CWE-707
Medium
Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-34000)
CVE-2024-34000
CWE-707
Medium
Moodle CVE-2024-34002 Vulnerability (CVE-2024-34002)
CVE-2024-34002
-
Medium
Moodle CVE-2024-34003 Vulnerability (CVE-2024-34003)
CVE-2024-34003
-
Medium
Moodle CVE-2024-34004 Vulnerability (CVE-2024-34004)
CVE-2024-34004
-
Medium
Moodle CVE-2024-34005 Vulnerability (CVE-2024-34005)
CVE-2024-34005
-
Medium
Moodle Inappropriate Encoding for Output Context Vulnerability (CVE-2024-34006)
CVE-2024-34006
CWE-838
Medium
TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-34355)
CVE-2024-34355
CWE-707
Medium
TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-34356)
CVE-2024-34356
CWE-707
Medium
TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-34357)
CVE-2024-34357
CWE-707
Medium
TYPO3 Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2024-34358)
CVE-2024-34358
CWE-770
Medium
Envoy Proxy Use After Free Vulnerability (CVE-2024-34362)
CVE-2024-34362
CWE-416
Medium
Envoy Proxy Out-of-bounds Write Vulnerability (CVE-2024-34364)
CVE-2024-34364
CWE-787
Medium
Rukovoditel Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-34468)
CVE-2024-34468
CWE-707
Medium
MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-34500)
CVE-2024-34500
CWE-707
Medium
TYPO3 CVE-2024-34537 Vulnerability (CVE-2024-34537)
CVE-2024-34537
-
Medium
GeoServer CVE-2024-34696 Vulnerability (CVE-2024-34696)
CVE-2024-34696
-
Medium
PrestaShop Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-34716)
CVE-2024-34716
CWE-707
Medium
PrestaShop CVE-2024-34717 Vulnerability (CVE-2024-34717)
CVE-2024-34717
-
Medium
GibbonEdu Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-34831)
CVE-2024-34831
CWE-707
Medium
IBM WebSEAL Weak Password Requirements Vulnerability (CVE-2024-35137)
CVE-2024-35137
CWE-521
Medium
IBM WebSEAL Incorrect Default Permissions Vulnerability (CVE-2024-35139)
CVE-2024-35139
CWE-276
Medium
GeoServer CVE-2024-35230 Vulnerability (CVE-2024-35230)
CVE-2024-35230
-
Medium
PrestaShop NULL Pointer Dereference Vulnerability (CVE-2024-36626)
CVE-2024-36626
CWE-476
Medium
Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-37383)
CVE-2024-37383
CWE-707
Medium
Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-37384)
CVE-2024-37384
CWE-707
Medium
Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-37674)
CVE-2024-37674
CWE-707
Medium
Squid Out-of-bounds Write Vulnerability (CVE-2024-37894)
CVE-2024-37894
CWE-787
Medium
XWikiplatform Missing Authorization Vulnerability (CVE-2024-37898)
CVE-2024-37898
CWE-862
Medium
XWikiplatform Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-37900)
CVE-2024-37900
CWE-94
Medium
Moodle CVE-2024-38273 Vulnerability (CVE-2024-38273)
CVE-2024-38273
-
Medium
Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-38274)
CVE-2024-38274
CWE-707
Medium
Moodle Use of a Key Past its Expiration Date Vulnerability (CVE-2024-38277)
CVE-2024-38277
CWE-324
Medium
Apache Traffic Server CVE-2024-38311 Vulnerability (CVE-2024-38311)
CVE-2024-38311
-
Medium
XWiki Incorrect Authorization Vulnerability (CVE-2024-38369)
CVE-2024-38369
CWE-863
Medium
Django Observable Timing Discrepancy Vulnerability (CVE-2024-39329)
CVE-2024-39329
CWE-208
Medium
Django Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2024-39330)
CVE-2024-39330
CWE-22
Medium
Open Resty Inefficient Algorithmic Complexity Vulnerability (CVE-2024-39702)
CVE-2024-39702
CWE-407
Medium
Apache HTTP Server CVE-2024-39884 Vulnerability (CVE-2024-39884)
CVE-2024-39884
-
Medium