Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.4.2314

Medium Severity Vulnerabilities

Found 8734 vulnerabilities at Medium severity.

Vulnerability Name
CVE
CWE
Severity
Jenkins Server-Side Request Forgery (SSRF) Vulnerability (CVE-2018-1000067)
CVE-2018-1000067
CWE-918
Medium
Jenkins Improper Input Validation Vulnerability (CVE-2018-1000068)
CVE-2018-1000068
CWE-20
Medium
RubyGems Improper Input Validation Vulnerability (CVE-2018-1000077)
CVE-2018-1000077
CWE-20
Medium
RubyGems Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-1000078)
CVE-2018-1000078
CWE-707
Medium
RubyGems Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2018-1000079)
CVE-2018-1000079
CWE-22
Medium
Python Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2018-1000117)
CVE-2018-1000117
CWE-119
Medium
Jolokia Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-1000129)
CVE-2018-1000129
CWE-707
Medium
Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-1000169)
CVE-2018-1000169
CWE-200
Medium
Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-1000170)
CVE-2018-1000170
CWE-707
Medium
Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-1000192)
CVE-2018-1000192
CWE-200
Medium
Jenkins Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2018-1000193)
CVE-2018-1000193
CWE-138
Medium
Jenkins Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2018-1000195)
CVE-2018-1000195
CWE-352
Medium
Jenkins Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2018-1000406)
CVE-2018-1000406
CWE-22
Medium
Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-1000407)
CVE-2018-1000407
CWE-707
Medium
Jenkins CVE-2018-1000408 Vulnerability (CVE-2018-1000408)
CVE-2018-1000408
-
Medium
Jenkins Session Fixation Vulnerability (CVE-2018-1000409)
CVE-2018-1000409
CWE-384
Medium
MyBB Improper Privilege Management Vulnerability (CVE-2018-1000503)
CVE-2018-1000503
CWE-269
Medium
Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-1000816)
CVE-2018-1000816
CWE-707
Medium
Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-1000862)
CVE-2018-1000862
CWE-200
Medium
Jenkins Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2018-1000864)
CVE-2018-1000864
CWE-835
Medium
WeBid Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-1000868)
CVE-2018-1000868
CWE-707
Medium
Oracle Database Server Improper Input Validation Vulnerability (CVE-2018-1000873)
CVE-2018-1000873
CWE-20
Medium
Jboss EAP Improper Input Validation Vulnerability (CVE-2018-1000873)
CVE-2018-1000873
CWE-20
Medium
Jenkins Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2018-1000997)
CVE-2018-1000997
CWE-22
Medium
Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-10095)
CVE-2018-10095
CWE-707
Medium
WordPress URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2018-10100)
CVE-2018-10100
CWE-601
Medium
WordPress URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2018-10101)
CVE-2018-10101
CWE-601
Medium
WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-10102)
CVE-2018-10102
CWE-707
Medium
Contao Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-10125)
CVE-2018-10125
CWE-707
Medium
Oracle Database Server Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2018-10237)
CVE-2018-10237
CWE-770
Medium
Jboss EAP Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2018-10237)
CVE-2018-10237
CWE-770
Medium
WebLogic Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2018-10237)
CVE-2018-10237
CWE-770
Medium
MODX Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-10382)
CVE-2018-10382
CWE-707
Medium
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-10545)
CVE-2018-10545
CWE-200
Medium
PHP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-10547)
CVE-2018-10547
CWE-707
Medium
MyBB URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2018-10678)
CVE-2018-10678
CWE-601
Medium
Jboss EAP Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2018-10862)
CVE-2018-10862
CWE-22
Medium
Moodle Insertion of Sensitive Information into Log File Vulnerability (CVE-2018-10889)
CVE-2018-10889
CWE-532
Medium
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-10890)
CVE-2018-10890
CWE-200
Medium
Jboss EAP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-10934)
CVE-2018-10934
CWE-707
Medium
WebLogic CVE-2018-11039 Vulnerability (CVE-2018-11039)
CVE-2018-11039
-
Medium
e107 Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2018-11127)
CVE-2018-11127
CWE-352
Medium
Java Denial of Service (DoS) Vulnerability (CVE-2018-11212)
CVE-2018-11212
-
Medium
Joomla Improper Input Validation Vulnerability (CVE-2018-11321)
CVE-2018-11321
CWE-20
Medium
Joomla Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2018-11324)
CVE-2018-11324
CWE-362
Medium
Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-11326)
CVE-2018-11326
CWE-707
Medium
Joomla Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-11327)
CVE-2018-11327
CWE-200
Medium
Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-11328)
CVE-2018-11328
CWE-707
Medium
Opencart Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2018-11495)
CVE-2018-11495
CWE-22
Medium
e107 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-11734)
CVE-2018-11734
CWE-707
Medium
Apache HTTP Server CVE-2018-11763 Vulnerability (CVE-2018-11763)
CVE-2018-11763
-
Medium
WebLogic Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2018-11771)
CVE-2018-11771
CWE-835
Medium
Apache Tomcat URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2018-11784)
CVE-2018-11784
CWE-601
Medium
Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-12099)
CVE-2018-12099
CWE-707
Medium
Nexus Repository Manager Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-12100)
CVE-2018-12100
CWE-707
Medium
Jetty CVE-2018-12536 Vulnerability (CVE-2018-12536)
CVE-2018-12536
-
Medium
phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-12581)
CVE-2018-12581
CWE-707
Medium
Phusion Passenger Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2018-12615)
CVE-2018-12615
CWE-732
Medium
Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-12711)
CVE-2018-12711
CWE-707
Medium
WordPress Ultimate Member Plugin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-13136)
CVE-2018-13136
CWE-707
Medium
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-13258)
CVE-2018-13258
CWE-200
Medium
Atlassian Jira Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-13387)
CVE-2018-13387
CWE-707
Medium
Atlassian Confluence Improper Input Validation Vulnerability (CVE-2018-13389)
CVE-2018-13389
CWE-20
Medium
Atlassian Jira Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-13391)
CVE-2018-13391
CWE-200
Medium
Atlassian Jira Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-13395)
CVE-2018-13395
CWE-707
Medium
Atlassian Jira Improper Privilege Management Vulnerability (CVE-2018-13400)
CVE-2018-13400
CWE-269
Medium
Atlassian Jira URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2018-13401)
CVE-2018-13401
CWE-601
Medium
Atlassian Jira URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2018-13402)
CVE-2018-13402
CWE-601
Medium
Atlassian Jira Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-13403)
CVE-2018-13403
CWE-707
Medium
Atlassian Jira Server-Side Request Forgery (SSRF) Vulnerability (CVE-2018-13404)
CVE-2018-13404
CWE-918
Medium
TCExam Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-13422)
CVE-2018-13422
CWE-707
Medium
Omeka Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-13423)
CVE-2018-13423
CWE-707
Medium
Java Multiple Vulnerabilities (CVE-2018-13785)
CVE-2018-13785
-
Medium
Mailman Improper Input Validation Vulnerability (CVE-2018-13796)
CVE-2018-13796
CWE-20
Medium
Bootstrap Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-14040)
CVE-2018-14040
CWE-707
Medium