Configuration
This page lists 401 vulnerabilities in this category.
Critical: 4
High: 128
Medium: 174
Low: 50
Information: 45
| Vulnerability Name | CVE | CWE | Severity |
| --- | --- | --- | --- |
| Content Security Policy (CSP) Contains Out of Scope report-uri Domain | - | CWE-16 | Information |
| Unsupported Hash Detected in Content Security Policy (CSP) | - | CWE-16 | Information |
| Deprecated Header Instruction Used to Implement Content Security Policy (CSP) | - | CWE-16 | Information |
| Express express-session weak secret key | - | CWE-693 | Information |
| Subresource Integrity (SRI) Not Implemented | - | CWE-830 | Information |
| HTTP Strict Transport Security (HSTS) Errors and Warnings | - | CWE-16 | Information |
| Content Security Policy (CSP) Not Implemented | - | CWE-16 | Information |
| Insecure Referrer Policy | - | CWE-16 | Information |
| Error page web server version disclosure | - | CWE-200 | Information |
| TLS/SSL (EC)DHE Key Reuse | - | CWE-310 | Information |
| Access-Control-Allow-Origin header with wildcard (*) value | - | CWE-284 | Information |
| Cookies with Secure flag set over insecure connection | - | CWE-16 | Information |
| Permissions-Policy header not implemented | - | CWE-1021 | Information |
| Incorrect Content Security Policy (CSP) Implementation | - | CWE-16 | Information |
| Wildcard Detected in Port Portion of Content Security Policy (CSP) Directive | - | CWE-16 | Information |
| Invalid Content Security Policy (CSP) Directive Identified in meta Elements | - | CWE-16 | Information |
| Content Security Policy (CSP) Keywords Not Used Within Single Quotes | - | CWE-16 | Information |
| An Unsafe Content Security Policy (CSP) Directive in Use | - | CWE-16 | Information |
| Nonce Usage Detected in Content Security Policy (CSP) Directive | - | CWE-16 | Information |
| Content Security Policy (CSP) Nonce Without Matching Script Block | - | CWE-16 | Information |
| Static Nonce Identified in Content Security Policy (CSP) | - | CWE-16 | Information |
| default-src Used in Content Security Policy (CSP) | - | CWE-16 | Information |
| Content Security Policy (CSP) report-uri Uses HTTP | - | CWE-16 | Information |
| Wildcard Detected in Scheme Portion of Content Security Policy (CSP) Directive | - | CWE-16 | Information |
| Wildcard Detected in Domain Portion of Content Security Policy (CSP) Directive | - | CWE-16 | Information |
| Reverse Proxy Detected | - | CWE-16 | Information |