Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.4.2314

Medium Severity Vulnerabilities

Found 8734 vulnerabilities at Medium severity.

Vulnerability Name
CVE
CWE
Severity
Liferay DXP URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2022-28977)
CVE-2022-28977
CWE-601
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-28978)
CVE-2022-28978
CWE-707
Medium
Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-28978)
CVE-2022-28978
CWE-707
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-28979)
CVE-2022-28979
CWE-707
Medium
Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-28979)
CVE-2022-28979
CWE-707
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-28980)
CVE-2022-28980
CWE-707
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-28982)
CVE-2022-28982
CWE-707
Medium
Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-28982)
CVE-2022-28982
CWE-707
Medium
SharePoint CVE-2022-29108 Vulnerability (CVE-2022-29108)
CVE-2022-29108
-
Medium
Envoy Proxy NULL Pointer Dereference Vulnerability (CVE-2022-29224)
CVE-2022-29224
CWE-476
Medium
XWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-29251)
CVE-2022-29251
CWE-707
Medium
XWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-29252)
CVE-2022-29252
CWE-707
Medium
XWiki Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2022-29253)
CVE-2022-29253
CWE-22
Medium
XWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-29258)
CVE-2022-29258
CWE-707
Medium
Apache Denial of service in mod_lua r:parsebody Vulnerability (CVE-2022-29404)
CVE-2022-29404
-
Medium
WebLogic Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-29577)
CVE-2022-29577
CWE-707
Medium
LimeSurvey Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-29710)
CVE-2022-29710
CWE-707
Medium
Caddy Web Server URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2022-29718)
CVE-2022-29718
CWE-601
Medium
MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2022-29903)
CVE-2022-29903
CWE-352
Medium
MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2022-29905)
CVE-2022-29905
CWE-352
Medium
MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-29907)
CVE-2022-29907
CWE-707
Medium
Jenkins Other Vulnerability (CVE-2022-2048)
CVE-2022-2048
-
Medium
Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-2060)
CVE-2022-2060
CWE-707
Medium
OpenSSL Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2022-2097)
CVE-2022-2097
CWE-327
Medium
Undertow CVE-2022-2764 Vulnerability (CVE-2022-2764)
CVE-2022-2764
-
Medium
Jboss EAP CVE-2022-2764 Vulnerability (CVE-2022-2764)
CVE-2022-2764
-
Medium
YetiForce CRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-2829)
CVE-2022-2829
CWE-707
Medium
YetiForce CRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-2885)
CVE-2022-2885
CWE-707
Medium
YetiForce CRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-2890)
CVE-2022-2890
CWE-707
Medium
YetiForce CRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-2924)
CVE-2022-2924
CWE-707
Medium
SharePoint CVE-2022-30157 Vulnerability (CVE-2022-30157)
CVE-2022-30157
-
Medium
SharePoint CVE-2022-30158 Vulnerability (CVE-2022-30158)
CVE-2022-30158
-
Medium
SharePoint CVE-2022-30159 Vulnerability (CVE-2022-30159)
CVE-2022-30159
-
Medium
SharePoint CVE-2022-30171 Vulnerability (CVE-2022-30171)
CVE-2022-30171
-
Medium
SharePoint CVE-2022-30172 Vulnerability (CVE-2022-30172)
CVE-2022-30172
-
Medium
Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-30596)
CVE-2022-30596
CWE-707
Medium
Moodle Other Vulnerability (CVE-2022-30597)
CVE-2022-30597
-
Medium
Moodle CVE-2022-30598 Vulnerability (CVE-2022-30598)
CVE-2022-30598
-
Medium
Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-30875)
CVE-2022-30875
CWE-707
Medium
Drupal Improper Removal of Sensitive Information Before Storage or Transfer Vulnerability (CVE-2022-31042)
CVE-2022-31042
CWE-212
Medium
Drupal Improper Removal of Sensitive Information Before Storage or Transfer Vulnerability (CVE-2022-31043)
CVE-2022-31043
CWE-212
Medium
TYPO3 Cleartext Transmission of Sensitive Information Vulnerability (CVE-2022-31046)
CVE-2022-31046
CWE-319
Medium
TYPO3 Insertion of Sensitive Information into Log File Vulnerability (CVE-2022-31047)
CVE-2022-31047
CWE-532
Medium
TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-31048)
CVE-2022-31048
CWE-707
Medium
TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-31049)
CVE-2022-31049
CWE-707
Medium
Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-31097)
CVE-2022-31097
CWE-707
Medium
jQuery UI Autocomplete Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-31160)
CVE-2022-31160
CWE-707
Medium
jQuery UI Dialog Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-31160)
CVE-2022-31160
CWE-707
Medium
jQuery UI Tooltip Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-31160)
CVE-2022-31160
CWE-707
Medium
XWiki Missing Authorization Vulnerability (CVE-2022-31167)
CVE-2022-31167
CWE-862
Medium
Nginx Use After Free Vulnerability (CVE-2022-31307)
CVE-2022-31307
CWE-416
Medium
PHP Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2022-31628)
CVE-2022-31628
CWE-835
Medium
PHP CVE-2022-31629 Vulnerability (CVE-2022-31629)
CVE-2022-31629
-
Medium
osTicket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-32074)
CVE-2022-32074
CWE-707
Medium
Nginx Use After Free Vulnerability (CVE-2022-32414)
CVE-2022-32414
CWE-416
Medium
Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-34170)
CVE-2022-34170
CWE-707
Medium
Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-34171)
CVE-2022-34171
CWE-707
Medium
Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-34257)
CVE-2022-34257
CWE-707
Medium
Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-34258)
CVE-2022-34258
CWE-707
Medium
Magento CVE-2022-34259 Vulnerability (CVE-2022-34259)
CVE-2022-34259
-
Medium
Apache Tomcat Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-34305)
CVE-2022-34305
CWE-707
Medium
MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-34911)
CVE-2022-34911
CWE-707
Medium
MediaWiki CVE-2022-34912 Vulnerability (CVE-2022-34912)
CVE-2022-34912
-
Medium
osCommerce Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-35212)
CVE-2022-35212
CWE-707
Medium
Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-35651)
CVE-2022-35651
CWE-707
Medium
Moodle URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2022-35652)
CVE-2022-35652
CWE-601
Medium
Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-35653)
CVE-2022-35653
CWE-707
Medium
Pega Infinity Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-35654)
CVE-2022-35654
CWE-707
Medium
Pega Infinity Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-35655)
CVE-2022-35655
CWE-707
Medium
Pega Infinity Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2022-35656)
CVE-2022-35656
CWE-352
Medium
Dot CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-35740)
CVE-2022-35740
CWE-707
Medium
Grafana Authentication Bypass by Spoofing Vulnerability (CVE-2022-35957)
CVE-2022-35957
CWE-290
Medium
Next.js Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2022-36046)
CVE-2022-36046
CWE-754
Medium
XWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2022-36095)
CVE-2022-36095
CWE-352
Medium
XWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-36097)
CVE-2022-36097
CWE-707
Medium