Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.4.2314

Medium Severity Vulnerabilities

Found 8734 vulnerabilities at Medium severity.

Vulnerability Name
CVE
CWE
Severity
Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-22293)
CVE-2022-22293
CWE-707
Medium
Lighttpd Out-of-bounds Write Vulnerability (CVE-2022-22707)
CVE-2022-22707
CWE-787
Medium
Django Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-22818)
CVE-2022-22818
CWE-707
Medium
GibbonEdu Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-22868)
CVE-2022-22868
CWE-707
Medium
Spring Cloud Gateway Improper Certificate Validation Vulnerability (CVE-2022-22946)
CVE-2022-22946
CWE-295
Medium
WebLogic Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2022-23437)
CVE-2022-23437
CWE-835
Medium
TinyMCE Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-23494)
CVE-2022-23494
CWE-707
Medium
TYPO3 Improper Authentication Vulnerability (CVE-2022-23501)
CVE-2022-23501
CWE-287
Medium
TYPO3 Insufficient Session Expiration Vulnerability (CVE-2022-23502)
CVE-2022-23502
CWE-613
Medium
TYPO3 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression La Vulnerability (CVE-2022-23504)
CVE-2022-23504
CWE-138
Medium
Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-23552)
CVE-2022-23552
CWE-707
Medium
Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-23599)
CVE-2022-23599
CWE-707
Medium
Envoy Proxy Uncontrolled Recursion Vulnerability (CVE-2022-23606)
CVE-2022-23606
CWE-674
Medium
XWiki Incorrect Authorization Vulnerability (CVE-2022-23615)
CVE-2022-23615
CWE-863
Medium
XWiki Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2022-23616)
CVE-2022-23616
CWE-138
Medium
XWiki Missing Authorization Vulnerability (CVE-2022-23617)
CVE-2022-23617
CWE-862
Medium
XWiki URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2022-23618)
CVE-2022-23618
CWE-601
Medium
XWiki Improper Encoding or Escaping of Output Vulnerability (CVE-2022-23620)
CVE-2022-23620
CWE-116
Medium
XWiki Files or Directories Accessible to External Parties Vulnerability (CVE-2022-23621)
CVE-2022-23621
CWE-552
Medium
XWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-23622)
CVE-2022-23622
CWE-707
Medium
Ruby on Rails CVE-2022-23633 Vulnerability (CVE-2022-23633)
CVE-2022-23633
-
Medium
Ruby on Rails CVE-2022-23634 Vulnerability (CVE-2022-23634)
CVE-2022-23634
-
Medium
Joomla Generation of Error Message Containing Sensitive Information Vulnerability (CVE-2022-23794)
CVE-2022-23794
CWE-209
Medium
Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-23796)
CVE-2022-23796
CWE-707
Medium
Joomla URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2022-23798)
CVE-2022-23798
CWE-601
Medium
Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-23800)
CVE-2022-23800
CWE-707
Medium
Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-23801)
CVE-2022-23801
CWE-707
Medium
phpMyAdmin Improper Authentication Vulnerability (CVE-2022-23807)
CVE-2022-23807
CWE-287
Medium
phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-23808)
CVE-2022-23808
CWE-707
Medium
GibbonEdu Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-23871)
CVE-2022-23871
CWE-707
Medium
MongoDb Reachable Assertion Vulnerability (CVE-2022-24272)
CVE-2022-24272
CWE-617
Medium
silverstripeCMS Session Fixation Vulnerability (CVE-2022-24444)
CVE-2022-24444
CWE-384
Medium
SharePoint CVE-2022-24472 Vulnerability (CVE-2022-24472)
CVE-2022-24472
-
Medium
Piwigo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-24620)
CVE-2022-24620
CWE-707
Medium
CKEditor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-24728)
CVE-2022-24728
CWE-707
Medium
Drupal Improper Input Validation Vulnerability (CVE-2022-24775)
CVE-2022-24775
CWE-20
Medium
XWiki Exposure of Private Personal Information to an Unauthorized Actor Vulnerability (CVE-2022-24819)
CVE-2022-24819
CWE-359
Medium
XWiki Missing Authentication for Critical Function Vulnerability (CVE-2022-24820)
CVE-2022-24820
CWE-306
Medium
WebLogic Uncontrolled Resource Consumption Vulnerability (CVE-2022-24839)
CVE-2022-24839
CWE-400
Medium
WebLogic Other Vulnerability (CVE-2022-24891)
CVE-2022-24891
-
Medium
XWiki Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2022-24897)
CVE-2022-24897
CWE-22
Medium
Contao Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-24899)
CVE-2022-24899
CWE-707
Medium
Liferay Portal Origin Validation Error Vulnerability (CVE-2022-25146)
CVE-2022-25146
CWE-346
Medium
Liferay DXP Origin Validation Error Vulnerability (CVE-2022-25146)
CVE-2022-25146
CWE-346
Medium
Drupal Incorrect Authorization Vulnerability (CVE-2022-25270)
CVE-2022-25270
CWE-863
Medium
Drupal Incorrect Authorization Vulnerability (CVE-2022-25274)
CVE-2022-25274
CWE-863
Medium
Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-25276)
CVE-2022-25276
CWE-707
Medium
Drupal CVE-2022-25278 Vulnerability (CVE-2022-25278)
CVE-2022-25278
-
Medium
Oracle HTTP Server Uncontrolled Resource Consumption Vulnerability (CVE-2022-25313)
CVE-2022-25313
CWE-400
Medium
ownCloud Other Vulnerability (CVE-2022-25338)
CVE-2022-25338
-
Medium
ownCloud Other Vulnerability (CVE-2022-25339)
CVE-2022-25339
-
Medium
AngularJS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-25869)
CVE-2022-25869
CWE-707
Medium
Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-26593)
CVE-2022-26593
CWE-707
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-26593)
CVE-2022-26593
CWE-707
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-26594)
CVE-2022-26594
CWE-707
Medium
Liferay Portal Incorrect Default Permissions Vulnerability (CVE-2022-26595)
CVE-2022-26595
CWE-276
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-26596)
CVE-2022-26596
CWE-707
Medium
Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-26596)
CVE-2022-26596
CWE-707
Medium
Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-26597)
CVE-2022-26597
CWE-707
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-26597)
CVE-2022-26597
CWE-707
Medium
Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-27422)
CVE-2022-27422
CWE-707
Medium
Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-27425)
CVE-2022-27425
CWE-707
Medium
Nexus Repository Manager Server-Side Request Forgery (SSRF) Vulnerability (CVE-2022-27907)
CVE-2022-27907
CWE-918
Medium
Joomla CVE-2022-27911 Vulnerability (CVE-2022-27911)
CVE-2022-27911
-
Medium
Joomla Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2022-27912)
CVE-2022-27912
CWE-200
Medium
Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-27913)
CVE-2022-27913
CWE-707
Medium
Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-27914)
CVE-2022-27914
CWE-707
Medium
MediaWiki Uncontrolled Recursion Vulnerability (CVE-2022-28201)
CVE-2022-28201
CWE-674
Medium
MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-28202)
CVE-2022-28202
CWE-707
Medium
Apache read beyond bounds in mod_isapi Vulnerability (CVE-2022-28330)
CVE-2022-28330
-
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-28378)
CVE-2022-28378
CWE-707
Medium
Apache read beyond bounds via ap_rwrite() Vulnerability (CVE-2022-28614)
CVE-2022-28614
-
Medium
silverstripeCMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-28803)
CVE-2022-28803
CWE-707
Medium
Caddy Web Server URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2022-28923)
CVE-2022-28923
CWE-601
Medium
Liferay Portal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2022-28977)
CVE-2022-28977
CWE-601
Medium