Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium

Medium Severity Vulnerabilities

Found 8102 vulnerabilities at Medium severity.

Vulnerability Name
CVE
CWE
Severity
Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-10406)
CVE-2019-10406
CWE-707
Medium
Roundcube Unspesificed Vulnerability (CVE-2019-10740)
CVE-2019-10740
-
Medium
Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-10909)
CVE-2019-10909
CWE-707
Medium
Elgg URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-11016)
CVE-2019-11016
CWE-601
Medium
PHP Use of Uninitialized Resource Vulnerability (CVE-2019-11038)
CVE-2019-11038
CWE-908
Medium
PHP Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2019-11045)
CVE-2019-11045
CWE-138
Medium
PHP Out-of-bounds Read Vulnerability (CVE-2019-11047)
CVE-2019-11047
CWE-125
Medium
PHP Integer Overflow or Wraparound Vulnerability (CVE-2019-11048)
CVE-2019-11048
CWE-190
Medium
PHP Out-of-bounds Read Vulnerability (CVE-2019-11050)
CVE-2019-11050
CWE-125
Medium
Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-11199)
CVE-2019-11199
CWE-707
Medium
jQuery Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Vulnerability (CVE-2019-11358)
CVE-2019-11358
CWE-1321
Medium
Joomla Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Vulnerability (CVE-2019-11358)
CVE-2019-11358
CWE-1321
Medium
Drupal Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Vulnerability (CVE-2019-11358)
CVE-2019-11358
CWE-1321
Medium
WebLogic Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Vulnerability (CVE-2019-11358)
CVE-2019-11358
CWE-1321
Medium
ProjectSend Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-11533)
CVE-2019-11533
CWE-707
Medium
osTicket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-11537)
CVE-2019-11537
CWE-707
Medium
Atlassian Jira CVE-2019-11583 Vulnerability (CVE-2019-11583)
CVE-2019-11583
-
Medium
Atlassian Jira Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-11584)
CVE-2019-11584
CWE-707
Medium
Atlassian Jira URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-11585)
CVE-2019-11585
CWE-601
Medium
Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-11586)
CVE-2019-11586
CWE-352
Medium
Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-11587)
CVE-2019-11587
CWE-352
Medium
Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-11588)
CVE-2019-11588
CWE-352
Medium
Atlassian Jira URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-11589)
CVE-2019-11589
CWE-601
Medium
WeBid Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-11592)
CVE-2019-11592
CWE-707
Medium
Nexus Repository Manager Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-11629)
CVE-2019-11629
CWE-707
Medium
phpBB Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-11767)
CVE-2019-11767
CWE-918
Medium
Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-11809)
CVE-2019-11809
CWE-707
Medium
Dot CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-11846)
CVE-2019-11846
CWE-707
Medium
Serendipity Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-11870)
CVE-2019-11870
CWE-707
Medium
Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-11876)
CVE-2019-11876
CWE-707
Medium
PrestaShop Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-11876)
CVE-2019-11876
CWE-707
Medium
silverstripeCMS Session Fixation Vulnerability (CVE-2019-12203)
CVE-2019-12203
CWE-384
Medium
silverstripeCMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-12205)
CVE-2019-12205
CWE-707
Medium
silverstripeCMS Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2019-12245)
CVE-2019-12245
CWE-732
Medium
silverstripeCMS Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-12246)
CVE-2019-12246
CWE-352
Medium
Django Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-12308)
CVE-2019-12308
CWE-707
Medium
Dot CMS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-12309)
CVE-2019-12309
CWE-22
Medium
Ampache Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-12386)
CVE-2019-12386
CWE-707
Medium
Twisted Web HTTP Server Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2019-12387)
CVE-2019-12387
CWE-138
Medium
Jboss EAP Improper Input Validation Vulnerability (CVE-2019-12400)
CVE-2019-12400
CWE-20
Medium
WebLogic Improper Input Validation Vulnerability (CVE-2019-12400)
CVE-2019-12400
CWE-20
Medium
MediaWiki CVE-2019-12467 Vulnerability (CVE-2019-12467)
CVE-2019-12467
-
Medium
MediaWiki Missing Authorization Vulnerability (CVE-2019-12469)
CVE-2019-12469
CWE-862
Medium
MediaWiki Missing Authorization Vulnerability (CVE-2019-12470)
CVE-2019-12470
CWE-862
Medium
MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-12471)
CVE-2019-12471
CWE-707
Medium
Squid Out-of-bounds Write Vulnerability (CVE-2019-12521)
CVE-2019-12521
CWE-787
Medium
Squid Improper Privilege Management Vulnerability (CVE-2019-12522)
CVE-2019-12522
CWE-269
Medium
Squid Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-12529)
CVE-2019-12529
CWE-200
Medium
phpMyAdmin Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-12616)
CVE-2019-12616
CWE-352
Medium
TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-12748)
CVE-2019-12748
CWE-707
Medium
Joomla CVE-2019-12764 Vulnerability (CVE-2019-12764)
CVE-2019-12764
-
Medium
Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-12766)
CVE-2019-12766
CWE-707
Medium
Django Cleartext Transmission of Sensitive Information Vulnerability (CVE-2019-12781)
CVE-2019-12781
CWE-319
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-12823)
CVE-2019-12823
CWE-707
Medium
phpMyAdmin Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-12922)
CVE-2019-12922
CWE-352
Medium
Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-13068)
CVE-2019-13068
CWE-707
Medium
Squid Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-13345)
CVE-2019-13345
CWE-707
Medium
phpBB Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-13376)
CVE-2019-13376
CWE-352
Medium
osTicket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-13397)
CVE-2019-13397
CWE-707
Medium
EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-13643)
CVE-2019-13643
CWE-707
Medium
silverstripeCMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14272)
CVE-2019-14272
CWE-707
Medium
silverstripeCMS Files or Directories Accessible to External Parties Vulnerability (CVE-2019-14273)
CVE-2019-14273
CWE-552
Medium
Craft CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-14280)
CVE-2019-14280
CWE-200
Medium
EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14329)
CVE-2019-14329
CWE-707
Medium
EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14330)
CVE-2019-14330
CWE-707
Medium
EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14331)
CVE-2019-14331
CWE-707
Medium
EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14349)
CVE-2019-14349
CWE-707
Medium
EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14350)
CVE-2019-14350
CWE-707
Medium
Nexus Repository Manager Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14469)
CVE-2019-14469
CWE-707
Medium
EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14546)
CVE-2019-14546
CWE-707
Medium
EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14547)
CVE-2019-14547
CWE-707
Medium
EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14548)
CVE-2019-14548
CWE-707
Medium
EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14549)
CVE-2019-14549
CWE-707
Medium
EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14550)
CVE-2019-14550
CWE-707
Medium
osTicket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14748)
CVE-2019-14748
CWE-707
Medium