Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.4.2314

Medium Severity Vulnerabilities

Found 8734 vulnerabilities at Medium severity.

Vulnerability Name
CVE
CWE
Severity
Drupal Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2017-6928)
CVE-2017-6928
CWE-732
Medium
Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-6929)
CVE-2017-6929
CWE-707
Medium
Drupal Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2017-6931)
CVE-2017-6931
CWE-434
Medium
Drupal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-6932)
CVE-2017-6932
CWE-601
Medium
Django URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-7233)
CVE-2017-7233
CWE-601
Medium
Django URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-7234)
CVE-2017-7234
CWE-601
Medium
Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-7298)
CVE-2017-7298
CWE-707
Medium
MODX Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-7320)
CVE-2017-7320
CWE-707
Medium
PostgreSQL Missing Encryption of Sensitive Data Vulnerability (CVE-2017-7485)
CVE-2017-7485
CWE-311
Medium
Moodle Improper Privilege Management Vulnerability (CVE-2017-7489)
CVE-2017-7489
CWE-269
Medium
Moodle Exposure of Resource to Wrong Sphere Vulnerability (CVE-2017-7490)
CVE-2017-7490
CWE-668
Medium
Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-7491)
CVE-2017-7491
CWE-352
Medium
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-7531)
CVE-2017-7531
CWE-200
Medium
Moodle Improper Privilege Management Vulnerability (CVE-2017-7532)
CVE-2017-7532
CWE-269
Medium
Undertow Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2017-7559)
CVE-2017-7559
CWE-444
Medium
phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-7579)
CVE-2017-7579
CWE-707
Medium
Apache Tomcat Insufficient Verification of Data Authenticity Vulnerability (CVE-2017-7674)
CVE-2017-7674
CWE-345
Medium
concrete5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-7725)
CVE-2017-7725
CWE-707
Medium
Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-7887)
CVE-2017-7887
CWE-707
Medium
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-7890)
CVE-2017-7890
CWE-200
Medium
XOOPS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-7944)
CVE-2017-7944
CWE-707
Medium
Joomla Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-7983)
CVE-2017-7983
CWE-200
Medium
Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-7984)
CVE-2017-7984
CWE-707
Medium
Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-7985)
CVE-2017-7985
CWE-707
Medium
Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-7986)
CVE-2017-7986
CWE-707
Medium
Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-7987)
CVE-2017-7987
CWE-707
Medium
Joomla CVE-2017-7988 Vulnerability (CVE-2017-7988)
CVE-2017-7988
-
Medium
Joomla Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2017-7989)
CVE-2017-7989
CWE-434
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-8052)
CVE-2017-8052
CWE-707
Medium
Joomla Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-8057)
CVE-2017-8057
CWE-200
Medium
concrete5 Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-8082)
CVE-2017-8082
CWE-352
Medium
e107 Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-8098)
CVE-2017-8098
CWE-352
Medium
MyBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-8103)
CVE-2017-8103
CWE-707
Medium
MyBB Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2017-8104)
CVE-2017-8104
CWE-22
Medium
MODX Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2017-8115)
CVE-2017-8115
CWE-22
Medium
WordPress Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2017-8295)
CVE-2017-8295
CWE-640
Medium
Craft CMS CVE-2017-8383 Vulnerability (CVE-2017-8383)
CVE-2017-8383
-
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-8384)
CVE-2017-8384
CWE-707
Medium
Craft CMS Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2017-8385)
CVE-2017-8385
CWE-640
Medium
MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-8808)
CVE-2017-8808
CWE-707
Medium
MediaWiki Improper Input Validation Vulnerability (CVE-2017-8811)
CVE-2017-8811
CWE-20
Medium
MediaWiki CVE-2017-8812 Vulnerability (CVE-2017-8812)
CVE-2017-8812
-
Medium
Dolibarr Improper Authentication Vulnerability (CVE-2017-8879)
CVE-2017-8879
CWE-287
Medium
ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-8896)
CVE-2017-8896
CWE-707
Medium
WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-9061)
CVE-2017-9061
CWE-707
Medium
WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-9063)
CVE-2017-9063
CWE-707
Medium
MODX Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-9068)
CVE-2017-9068
CWE-707
Medium
MODX Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-9070)
CVE-2017-9070
CWE-707
Medium
MODX Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-9071)
CVE-2017-9071
CWE-707
Medium
ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-9338)
CVE-2017-9338
CWE-707
Medium
ownCloud CVE-2017-9339 Vulnerability (CVE-2017-9339)
CVE-2017-9339
-
Medium
ownCloud CVE-2017-9340 Vulnerability (CVE-2017-9340)
CVE-2017-9340
-
Medium
Piwigo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-9452)
CVE-2017-9452
CWE-707
Medium
Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-9463)
CVE-2017-9463
CWE-138
Medium
Piwigo URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-9464)
CVE-2017-9464
CWE-601
Medium
Atlassian Confluence Incorrect Default Permissions Vulnerability (CVE-2017-9505)
CVE-2017-9505
CWE-276
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-9516)
CVE-2017-9516
CWE-707
Medium
ProjectSend Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-9783)
CVE-2017-9783
CWE-707
Medium
ProjectSend Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-9786)
CVE-2017-9786
CWE-707
Medium
Piwigo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-9836)
CVE-2017-9836
CWE-707
Medium
Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-9838)
CVE-2017-9838
CWE-707
Medium
Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-9934)
CVE-2017-9934
CWE-707
Medium
MediaWiki Improper Privilege Management Vulnerability (CVE-2018-0503)
CVE-2018-0503
CWE-269
Medium
MediaWiki Insertion of Sensitive Information into Log File Vulnerability (CVE-2018-0504)
CVE-2018-0504
CWE-532
Medium
MediaWiki Improper Authentication Vulnerability (CVE-2018-0505)
CVE-2018-0505
CWE-287
Medium
WordPress Ultimate Member Plugin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-0585)
CVE-2018-0585
CWE-707
Medium
Mailman Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-0618)
CVE-2018-0618
CWE-707
Medium
OpenSSL CVE-2018-0733 Vulnerability (CVE-2018-0733)
CVE-2018-0733
-
Medium
OpenSSL Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2018-0734)
CVE-2018-0734
CWE-327
Medium
OpenSSL Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2018-0735)
CVE-2018-0735
CWE-327
Medium
MySQL Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2018-0735)
CVE-2018-0735
CWE-327
Medium
Oracle Application Server Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2018-0735)
CVE-2018-0735
CWE-327
Medium
OpenSSL Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2018-0737)
CVE-2018-0737
CWE-327
Medium
OpenSSL Uncontrolled Recursion Vulnerability (CVE-2018-0739)
CVE-2018-0739
CWE-674
Medium
SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-0864)
CVE-2018-0864
CWE-707
Medium