Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium

Known Vulnerabilities

This page lists 13509 vulnerabilities in this category.

Critical: 1465 High: 3387 Medium: 7907 Low: 748 Information: 2
Vulnerability Name
CVE
CWE
Severity
Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-18623)
CVE-2018-18623
CWE-707
Medium
Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-18624)
CVE-2018-18624
CWE-707
Medium
Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-18625)
CVE-2018-18625
CWE-707
Medium
Jenkins Incorrect Authorization Vulnerability (CVE-2018-1999004)
CVE-2018-1999004
CWE-863
Medium
Joomla CVE-2018-17859 Vulnerability (CVE-2018-17859)
CVE-2018-17859
-
Medium
Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-1999005)
CVE-2018-1999005
CWE-707
Medium
Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-1999006)
CVE-2018-1999006
CWE-200
Medium
Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-1999007)
CVE-2018-1999007
CWE-707
Medium
MathJax Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-1999024)
CVE-2018-1999024
CWE-707
Medium
Jenkins Deserialization of Untrusted Data Vulnerability (CVE-2018-1999042)
CVE-2018-1999042
CWE-502
Medium
Jenkins Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2018-1999044)
CVE-2018-1999044
CWE-835
Medium
Jenkins Improper Authentication Vulnerability (CVE-2018-1999045)
CVE-2018-1999045
CWE-287
Medium
WordPress Ultimate Member Plugin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-17866)
CVE-2018-17866
CWE-707
Medium
Joomla Incorrect Authorization Vulnerability (CVE-2018-17857)
CVE-2018-17857
CWE-863
Medium
Jenkins Incorrect Authorization Vulnerability (CVE-2018-1999047)
CVE-2018-1999047
CWE-863
Medium
LimeSurvey Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-17003)
CVE-2018-17003
CWE-707
Medium
Ruby on Rails CVE-2018-16477 Vulnerability (CVE-2018-16477)
CVE-2018-16477
-
Medium
Lodash CVE-2018-16487 Vulnerability (CVE-2018-16487)
CVE-2018-16487
-
Medium
Nexus Repository Manager Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-16619)
CVE-2018-16619
CWE-707
Medium
Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-16808)
CVE-2018-16808
CWE-707
Medium
Nginx Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2018-16845)
CVE-2018-16845
CWE-835
Medium
Dot CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-16980)
CVE-2018-16980
CWE-707
Medium
Django Insufficiently Protected Credentials Vulnerability (CVE-2018-16984)
CVE-2018-16984
CWE-522
Medium
e107 Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2018-17081)
CVE-2018-17081
CWE-352
Medium
SugarCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-17784)
CVE-2018-17784
CWE-707
Medium
PHP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-17082)
CVE-2018-17082
CWE-707
Medium
MyBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-17128)
CVE-2018-17128
CWE-707
Medium
Apache HTTP Server Uncontrolled Resource Consumption Vulnerability (CVE-2018-17189)
CVE-2018-17189
CWE-400
Medium
EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-17301)
CVE-2018-17301
CWE-707
Medium
EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-17302)
CVE-2018-17302
CWE-707
Medium
Dot CMS URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2018-17422)
CVE-2018-17422
CWE-601
Medium
e107 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-17423)
CVE-2018-17423
CWE-707
Medium
Vanilla Forums Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-17571)
CVE-2018-17571
CWE-707
Medium
Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-1999046)
CVE-2018-1999046
CWE-200
Medium
Grafana Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-19039)
CVE-2018-19039
CWE-200
Medium
IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-1408)
CVE-2018-1408
CWE-707
Medium
Apache HTTP Server Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2018-1301)
CVE-2018-1301
CWE-119
Medium
Moodle CVE-2018-1081 Vulnerability (CVE-2018-1081)
CVE-2018-1081
-
Medium
Moodle Improper Privilege Management Vulnerability (CVE-2018-1134)
CVE-2018-1134
CWE-269
Medium
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-1135)
CVE-2018-1135
CWE-200
Medium
Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-1136)
CVE-2018-1136
CWE-707
Medium
Squid NULL Pointer Dereference Vulnerability (CVE-2018-1172)
CVE-2018-1172
CWE-476
Medium
WebLogic CVE-2018-1257 Vulnerability (CVE-2018-1257)
CVE-2018-1257
-
Medium
Apache HTTP Server CVE-2018-1283 Vulnerability (CVE-2018-1283)
CVE-2018-1283
-
Medium
Apache HTTP Server NULL Pointer Dereference Vulnerability (CVE-2018-1302)
CVE-2018-1302
CWE-476
Medium
Undertow Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') Vulnerability (CVE-2018-1067)
CVE-2018-1067
CWE-113
Medium
Apache Tomcat CVE-2018-1304 Vulnerability (CVE-2018-1304)
CVE-2018-1304
-
Medium
Jboss EAP CVE-2018-1304 Vulnerability (CVE-2018-1304)
CVE-2018-1304
-
Medium
Apache Tomcat CVE-2018-1305 Vulnerability (CVE-2018-1305)
CVE-2018-1305
-
Medium
WebLogic CVE-2018-1313 Vulnerability (CVE-2018-1313)
CVE-2018-1313
-
Medium
WebLogic Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2018-1324)
CVE-2018-1324
CWE-835
Medium
IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-1394)
CVE-2018-1394
CWE-707
Medium
IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-1407)
CVE-2018-1407
CWE-707
Medium
Jboss EAP Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') Vulnerability (CVE-2018-1067)
CVE-2018-1067
CWE-113
Medium
PostgreSQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-1052)
CVE-2018-1052
CWE-200
Medium
Squid Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-19131)
CVE-2018-19131
CWE-707
Medium
phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-19968)
CVE-2018-19968
CWE-200
Medium
Squid Missing Release of Resource after Effective Lifetime Vulnerability (CVE-2018-19132)
CVE-2018-19132
CWE-772
Medium
concrete5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-19146)
CVE-2018-19146
CWE-707
Medium
MyBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-19201)
CVE-2018-19201
CWE-707
Medium
MyBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-19202)
CVE-2018-19202
CWE-707
Medium
Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-19206)
CVE-2018-19206
CWE-707
Medium
Dot CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-19554)
CVE-2018-19554
CWE-707
Medium
Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-19799)
CVE-2018-19799
CWE-707
Medium
phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-19970)
CVE-2018-19970
CWE-707
Medium
WildFly Application Server Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2018-1047)
CVE-2018-1047
CWE-22
Medium
Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-19992)
CVE-2018-19992
CWE-707
Medium
Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-19993)
CVE-2018-19993
CWE-707
Medium
Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-19995)
CVE-2018-19995
CWE-707
Medium
Moodle Server-Side Request Forgery (SSRF) Vulnerability (CVE-2018-1042)
CVE-2018-1042
CWE-918
Medium
Moodle CVE-2018-1043 Vulnerability (CVE-2018-1043)
CVE-2018-1043
-
Medium
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-1044)
CVE-2018-1044
CWE-200
Medium
Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-1045)
CVE-2018-1045
CWE-707
Medium
Jboss EAP Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2018-1047)
CVE-2018-1047
CWE-22
Medium
PHP Improper Access Control Vulnerability (CVE-2015-8838)
CVE-2015-8838
CWE-284
Medium