Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.4.2314

Medium Severity Vulnerabilities

Found 8779 vulnerabilities at Medium severity.

Vulnerability Name
CVE
CWE
Severity
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-62264)
CVE-2025-62264
CWE-707
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-62265)
CVE-2025-62265
CWE-707
Medium
Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-62265)
CVE-2025-62265
CWE-707
Medium
Liferay DXP URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2025-62266)
CVE-2025-62266
CWE-601
Medium
Liferay Portal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2025-62266)
CVE-2025-62266
CWE-601
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-62267)
CVE-2025-62267
CWE-707
Medium
Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-62267)
CVE-2025-62267
CWE-707
Medium
Liferay Portal Incorrect Authorization Vulnerability (CVE-2025-62275)
CVE-2025-62275
CWE-863
Medium
Liferay DXP Incorrect Authorization Vulnerability (CVE-2025-62275)
CVE-2025-62275
CWE-863
Medium
Liferay Portal Use of Web Browser Cache Containing Sensitive Information Vulnerability (CVE-2025-62276)
CVE-2025-62276
CWE-525
Medium
Liferay DXP Use of Web Browser Cache Containing Sensitive Information Vulnerability (CVE-2025-62276)
CVE-2025-62276
CWE-525
Medium
Moodle Improper Access Control Vulnerability (CVE-2025-62393)
CVE-2025-62393
CWE-284
Medium
Moodle Incorrect Authorization Vulnerability (CVE-2025-62394)
CVE-2025-62394
CWE-863
Medium
Moodle Improper Access Control Vulnerability (CVE-2025-62395)
CVE-2025-62395
CWE-284
Medium
Moodle Exposure of Information Through Directory Listing Vulnerability (CVE-2025-62396)
CVE-2025-62396
CWE-548
Medium
Moodle Generation of Error Message Containing Sensitive Information Vulnerability (CVE-2025-62397)
CVE-2025-62397
CWE-209
Medium
Moodle CVE-2025-62398 Vulnerability (CVE-2025-62398)
CVE-2025-62398
-
Medium
Moodle CVE-2025-62400 Vulnerability (CVE-2025-62400)
CVE-2025-62400
-
Medium
Moodle Improper Authorization Vulnerability (CVE-2025-62401)
CVE-2025-62401
CWE-285
Medium
Piwigo Observable Response Discrepancy Vulnerability (CVE-2025-62512)
CVE-2025-62512
CWE-204
Medium
Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-63082)
CVE-2025-63082
CWE-707
Medium
Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-63083)
CVE-2025-63083
CWE-707
Medium
LimeSurvey Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-63238)
CVE-2025-63238
CWE-707
Medium
CrushFTP Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-63419)
CVE-2025-63419
CWE-707
Medium
CrushFTP Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-63420)
CVE-2025-63420
CWE-707
Medium
Envoy Proxy NULL Pointer Dereference Vulnerability (CVE-2025-64527)
CVE-2025-64527
CWE-476
Medium
Envoy Proxy Protection Mechanism Failure Vulnerability (CVE-2025-64763)
CVE-2025-64763
CWE-693
Medium
Apache HTTP Server Improper Neutralization of Escape, Meta, or Control Sequences Vulnerability (CVE-2025-65082)
CVE-2025-65082
CWE-150
Medium
Contao Insufficient Type Distinction Vulnerability (CVE-2025-65960)
CVE-2025-65960
CWE-351
Medium
Contao Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-65961)
CVE-2025-65961
CWE-707
Medium
OpenSSL Memory Allocation with Excessive Size Value Vulnerability (CVE-2025-66199)
CVE-2025-66199
CWE-789
Medium
Apache HTTP Server Authentication Bypass Using an Alternate Path or Channel Vulnerability (CVE-2025-66200)
CVE-2025-66200
CWE-288
Medium
Werkzeug WSGI Improper Handling of Windows Device Names Vulnerability (CVE-2025-66221)
CVE-2025-66221
CWE-67
Medium
Angular Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-66412)
CVE-2025-66412
CWE-707
Medium
Chamilo URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2025-66447)
CVE-2025-66447
CWE-601
Medium
XWikiplatform Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-66472)
CVE-2025-66472
CWE-707
Medium
Masa CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-66492)
CVE-2025-66492
CWE-707
Medium
MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-67475)
CVE-2025-67475
CWE-707
Medium
MediaWiki CVE-2025-67476 Vulnerability (CVE-2025-67476)
CVE-2025-67476
-
Medium
MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-67477)
CVE-2025-67477
CWE-707
Medium
MediaWiki Improper Input Validation Vulnerability (CVE-2025-67480)
CVE-2025-67480
CWE-20
Medium
MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-67481)
CVE-2025-67481
CWE-707
Medium
MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-67483)
CVE-2025-67483
CWE-707
Medium
Jenkins Missing Authorization Vulnerability (CVE-2025-67636)
CVE-2025-67636
CWE-862
Medium
Jenkins Cleartext Storage of Sensitive Information Vulnerability (CVE-2025-67637)
CVE-2025-67637
CWE-312
Medium
Jenkins Cleartext Storage of Sensitive Information Vulnerability (CVE-2025-67638)
CVE-2025-67638
CWE-312
Medium
Tornado Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-67724)
CVE-2025-67724
CWE-707
Medium
Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-67849)
CVE-2025-67849
CWE-707
Medium
Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-67850)
CVE-2025-67850
CWE-707
Medium
Moodle URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2025-67852)
CVE-2025-67852
CWE-601
Medium
Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-67855)
CVE-2025-67855
CWE-707
Medium
Moodle Insertion of Sensitive Information Into Sent Data Vulnerability (CVE-2025-67857)
CVE-2025-67857
CWE-201
Medium
OpenSSL Out-of-bounds Write Vulnerability (CVE-2025-68160)
CVE-2025-68160
CWE-787
Medium
Craft CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2025-68436)
CVE-2025-68436
CWE-200
Medium
Craft CMS Server-Side Request Forgery (SSRF) Vulnerability (CVE-2025-68437)
CVE-2025-68437
CWE-918
Medium
Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-68461)
CVE-2025-68461
CWE-707
Medium
phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-68951)
CVE-2025-68951
CWE-707
Medium
OpenSSL Missing Cryptographic Step Vulnerability (CVE-2025-69418)
CVE-2025-69418
CWE-325
Medium
Chamilo Use of Cache Containing Sensitive Information Vulnerability (CVE-2025-69581)
CVE-2025-69581
CWE-524
Medium
Python Uncontrolled Resource Consumption Vulnerability (CVE-2025-6075)
CVE-2025-6075
CWE-400
Medium
PHP NULL Pointer Dereference Vulnerability (CVE-2025-6491)
CVE-2025-6491
CWE-476
Medium
MongoDb Incorrect Authorization Vulnerability (CVE-2025-6707)
CVE-2025-6707
CWE-863
Medium
MongoDb Insertion of Sensitive Information into Log File Vulnerability (CVE-2025-6711)
CVE-2025-6711
CWE-532
Medium
MongoDb Uncontrolled Resource Consumption Vulnerability (CVE-2025-6712)
CVE-2025-6712
CWE-400
Medium
MongoDb Improper Authorization Vulnerability (CVE-2025-6713)
CVE-2025-6713
CWE-285
Medium
Podcast Generator Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-70336)
CVE-2025-70336
CWE-707
Medium
phpBB Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2025-70811)
CVE-2025-70811
CWE-352
Medium
MongoDb Access of Resource Using Incompatible Type ('Type Confusion') Vulnerability (CVE-2025-7259)
CVE-2025-7259
CWE-843
Medium
TYPO3 Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2025-7900)
CVE-2025-7900
CWE-639
Medium
markdown-it Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-7969)
CVE-2025-7969
CWE-707
Medium
Pega Infinity Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2025-9559)
CVE-2025-9559
CWE-639
Medium
DOMPurify Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-0540)
CVE-2026-0540
CWE-707
Medium
Chamilo Incorrect Privilege Assignment Vulnerability (CVE-2026-1106)
CVE-2026-1106
CWE-266
Medium
Django Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2026-1207)
CVE-2026-1207
CWE-138
Medium
Django Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2026-1287)
CVE-2026-1287
CWE-138
Medium