Web Application Vulnerabilities
v.26.4.2314
Medium Severity Vulnerabilities
Found 8734 vulnerabilities at Medium severity.
| Vulnerability Name | CVE | CWE | Severity |
| --- | --- | --- | --- |
| SharePoint Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2021-42309) | CVE-2021-42309 | CWE-732 | Medium |
| SharePoint Authentication Bypass by Spoofing Vulnerability (CVE-2021-42320) | CVE-2021-42320 | CWE-290 | Medium |
| Nexus Repository Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-42568) | CVE-2021-42568 | CWE-200 | Medium |
| SharePoint CVE-2021-43242 Vulnerability (CVE-2021-43242) | CVE-2021-43242 | - | Medium |
| Nexus Repository Manager Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-43293) | CVE-2021-43293 | CWE-918 | Medium |
| Mailman Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-43331) | CVE-2021-43331 | CWE-707 | Medium |
| Mailman Insufficiently Protected Credentials Vulnerability (CVE-2021-43332) | CVE-2021-43332 | CWE-522 | Medium |
| Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-43558) | CVE-2021-43558 | CWE-707 | Medium |
| Moodle Exposure of Resource to Wrong Sphere Vulnerability (CVE-2021-43560) | CVE-2021-43560 | CWE-668 | Medium |
| FluxBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-43677) | CVE-2021-43677 | CWE-707 | Medium |
| Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-43687) | CVE-2021-43687 | CWE-707 | Medium |
| PostgreSQL Improper Certificate Validation Vulnerability (CVE-2021-43767) | CVE-2021-43767 | CWE-295 | Medium |
| Grafana Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-43813) | CVE-2021-43813 | CWE-22 | Medium |
| Grafana Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-43815) | CVE-2021-43815 | CWE-22 | Medium |
| Jenkins Uncontrolled Resource Consumption Vulnerability (CVE-2021-43859) | CVE-2021-43859 | CWE-400 | Medium |
| SharePoint CVE-2021-43876 Vulnerability (CVE-2021-43876) | CVE-2021-43876 | - | Medium |
| Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2021-43941) | CVE-2021-43941 | CWE-352 | Medium |
| Atlassian Jira Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-43945) | CVE-2021-43945 | CWE-707 | Medium |
| Atlassian Jira Improper Authentication Vulnerability (CVE-2021-43946) | CVE-2021-43946 | CWE-287 | Medium |
| Atlassian Jira Incorrect Authorization Vulnerability (CVE-2021-43948) | CVE-2021-43948 | CWE-863 | Medium |
| Atlassian Jira Improper Authentication Vulnerability (CVE-2021-43950) | CVE-2021-43950 | CWE-287 | Medium |
| Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2021-43952) | CVE-2021-43952 | CWE-352 | Medium |
| Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2021-43953) | CVE-2021-43953 | CWE-352 | Medium |
| Nexus Repository Manager Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2021-43961) | CVE-2021-43961 | CWE-138 | Medium |
| Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-44025) | CVE-2021-44025 | CWE-707 | Medium |
| CrushFTP Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-44076) | CVE-2021-44076 | CWE-707 | Medium |
| Ruby on Rails URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2021-44528) | CVE-2021-44528 | CWE-601 | Medium |
| WebLogic Improper Input Validation Vulnerability (CVE-2021-44832) | CVE-2021-44832 | CWE-20 | Medium |
| MediaWiki Exposure of Resource to Wrong Sphere Vulnerability (CVE-2021-44854) | CVE-2021-44854 | CWE-668 | Medium |
| MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-44855) | CVE-2021-44855 | CWE-707 | Medium |
| MediaWiki Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2021-44856) | CVE-2021-44856 | CWE-754 | Medium |
| MediaWiki Improper Privilege Management Vulnerability (CVE-2021-44857) | CVE-2021-44857 | CWE-269 | Medium |
| MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-45038) | CVE-2021-45038 | CWE-200 | Medium |
| Artifactory Incorrect Authorization Vulnerability (CVE-2021-45074) | CVE-2021-45074 | CWE-863 | Medium |
| WebLogic Improper Input Validation Vulnerability (CVE-2021-45105) | CVE-2021-45105 | CWE-20 | Medium |
| Sqlite Missing Release of Memory after Effective Lifetime Vulnerability (CVE-2021-45346) | CVE-2021-45346 | CWE-401 | Medium |
| Piwigo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-45357) | CVE-2021-45357 | CWE-707 | Medium |
| Django Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-45452) | CVE-2021-45452 | CWE-22 | Medium |
| MediaWiki CVE-2021-45471 Vulnerability (CVE-2021-45471) | CVE-2021-45471 | - | Medium |
| MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-45472) | CVE-2021-45472 | CWE-707 | Medium |
| MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-45473) | CVE-2021-45473 | CWE-707 | Medium |
| MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-45474) | CVE-2021-45474 | CWE-707 | Medium |
| Artifactory Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-45721) | CVE-2021-45721 | CWE-707 | Medium |
| Artifactory Incorrect Authorization Vulnerability (CVE-2021-45730) | CVE-2021-45730 | CWE-863 | Medium |
| osTicket Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-45811) | CVE-2021-45811 | CWE-138 | Medium |
| Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-46144) | CVE-2021-46144 | CWE-707 | Medium |
| MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-46146) | CVE-2021-46146 | CWE-707 | Medium |
| MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-46148) | CVE-2021-46148 | CWE-200 | Medium |
| MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-46150) | CVE-2021-46150 | CWE-707 | Medium |
| Artifactory Exposure of Resource to Wrong Sphere Vulnerability (CVE-2021-46687) | CVE-2021-46687 | CWE-668 | Medium |
| Squid Uncontrolled Resource Consumption Vulnerability (CVE-2021-46784) | CVE-2021-46784 | CWE-400 | Medium |
| Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-47779) | CVE-2021-47779 | CWE-707 | Medium |
| Elgg Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-4072) | CVE-2021-4072 | CWE-707 | Medium |
| YetiForce CRM Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2021-4092) | CVE-2021-4092 | CWE-352 | Medium |
| YetiForce CRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-4107) | CVE-2021-4107 | CWE-707 | Medium |
| YetiForce CRM Improper Input Validation Vulnerability (CVE-2021-4111) | CVE-2021-4111 | CWE-20 | Medium |
| YetiForce CRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-4116) | CVE-2021-4116 | CWE-707 | Medium |
| YetiForce CRM Improper Input Validation Vulnerability (CVE-2021-4117) | CVE-2021-4117 | CWE-20 | Medium |
| YetiForce CRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-4121) | CVE-2021-4121 | CWE-707 | Medium |
| OpenSSL CVE-2021-4160 Vulnerability (CVE-2021-4160) | CVE-2021-4160 | - | Medium |
| Oracle HTTP Server Out-of-bounds Read Vulnerability (CVE-2021-4183) | CVE-2021-4183 | CWE-125 | Medium |
| Python Unchecked Return Value Vulnerability (CVE-2021-4189) | CVE-2021-4189 | CWE-252 | Medium |
| Angular Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-4231) | CVE-2021-4231 | CWE-707 | Medium |
| Dolibarr Improper Input Validation Vulnerability (CVE-2022-0174) | CVE-2022-0174 | CWE-20 | Medium |
| Moodle Exposure of Resource to Wrong Sphere Vulnerability (CVE-2022-0334) | CVE-2022-0334 | CWE-668 | Medium |
| Dolibarr Other Vulnerability (CVE-2022-0414) | CVE-2022-0414 | - | Medium |
| Dolibarr Incorrect Authorization Vulnerability (CVE-2022-0731) | CVE-2022-0731 | CWE-863 | Medium |
| Dolibarr Other Vulnerability (CVE-2022-0746) | CVE-2022-0746 | - | Medium |
| reveal.js Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-0776) | CVE-2022-0776 | CWE-707 | Medium |
| Jboss EAP Incorrect Authorization Vulnerability (CVE-2022-0866) | CVE-2022-0866 | CWE-863 | Medium |
| Moodle Incorrect Authorization Vulnerability (CVE-2022-0984) | CVE-2022-0984 | CWE-863 | Medium |
| Moodle Improper Authentication Vulnerability (CVE-2022-0985) | CVE-2022-0985 | CWE-287 | Medium |
| WordPress Ultimate Member Plugin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-1208) | CVE-2022-1208 | CWE-707 | Medium |
| WordPress Ultimate Member Plugin URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2022-1209) | CVE-2022-1209 | CWE-601 | Medium |
| YetiForce CRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-1340) | CVE-2022-1340 | CWE-707 | Medium |