Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.4.2314

Known Vulnerabilities

This page lists 14673 vulnerabilities in this category.

Critical: 1573 High: 3882 Medium: 8446 Low: 770 Information: 2
Vulnerability Name
CVE
CWE
Severity
PHP Address Book Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2009-2608)
CVE-2009-2608
CWE-138
Medium
Internet Information Services Uncontrolled Resource Consumption Vulnerability (CVE-2009-2521)
CVE-2009-2521
CWE-400
Medium
Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-12625)
CVE-2020-12625
CWE-707
Medium
PHP Improper Input Validation Vulnerability (CVE-2009-2687)
CVE-2009-2687
CWE-20
Medium
Apache Tomcat Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2009-2693)
CVE-2009-2693
CWE-22
Medium
osTicket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-12629)
CVE-2020-12629
CWE-707
Medium
WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2009-2851)
CVE-2009-2851
CWE-707
Medium
Apache Tomcat Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2009-2902)
CVE-2009-2902
CWE-22
Medium
Rukovoditel Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-11813)
CVE-2020-11813
CWE-707
Medium
qdPM Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2020-11814)
CVE-2020-11814
CWE-138
Medium
Apache Tomcat Permissions, Privileges, and Access Controls Vulnerability (CVE-2009-2901)
CVE-2009-2901
CWE-264
Medium
Squid Improper Input Validation Vulnerability (CVE-2009-2855)
CVE-2009-2855
CWE-20
Medium
WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2009-2854)
CVE-2009-2854
CWE-264
Medium
XOOPS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2009-2783)
CVE-2009-2783
CWE-707
Medium
Apache Tomcat Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2009-2696)
CVE-2009-2696
CWE-707
Medium
Rukovoditel Cleartext Storage of Sensitive Information Vulnerability (CVE-2020-11821)
CVE-2020-11821
CWE-312
Medium
Rukovoditel Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-11822)
CVE-2020-11822
CWE-707
Medium
Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-11823)
CVE-2020-11823
CWE-707
Medium
Joomla Incorrect Authorization Vulnerability (CVE-2020-11889)
CVE-2020-11889
CWE-863
Medium
Joomla Improper Input Validation Vulnerability (CVE-2020-11890)
CVE-2020-11890
CWE-20
Medium
Joomla Incorrect Authorization Vulnerability (CVE-2020-11891)
CVE-2020-11891
CWE-863
Medium
Roundcube Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-12626)
CVE-2020-12626
CWE-352
Medium
phpList Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-12639)
CVE-2020-12639
CWE-707
Medium
Drupal Incorrect Default Permissions Vulnerability (CVE-2020-13667)
CVE-2020-13667
CWE-276
Medium
Sqlite NULL Pointer Dereference Vulnerability (CVE-2020-13632)
CVE-2020-13632
CWE-476
Medium
WordPress Configuration Vulnerability (CVE-2009-2335)
CVE-2009-2335
-
Medium
WordPress Improper Authentication Vulnerability (CVE-2009-2334)
CVE-2009-2334
CWE-287
Medium
phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2009-2284)
CVE-2009-2284
CWE-707
Medium
ZenCart Improper Authentication Vulnerability (CVE-2009-2255)
CVE-2009-2255
CWE-287
Medium
Django Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-13596)
CVE-2020-13596
CWE-707
Medium
Sqlite CVE-2020-13631 Vulnerability (CVE-2020-13631)
CVE-2020-13631
-
Medium
SugarCRM Other Vulnerability (CVE-2009-2146)
CVE-2009-2146
-
Medium
Drupal Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2009-2372)
CVE-2009-2372
CWE-94
Medium
Collabtive Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-13655)
CVE-2020-13655
CWE-707
Medium
Drupal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-13662)
CVE-2020-13662
CWE-601
Medium
Family Connections Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2009-2010)
CVE-2009-2010
CWE-138
Medium
Oracle Database Server CVE-2009-2001 Vulnerability (CVE-2009-2001)
CVE-2009-2001
-
Medium
Oracle Database Server CVE-2009-2000 Vulnerability (CVE-2009-2000)
CVE-2009-2000
-
Medium
Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-13666)
CVE-2020-13666
CWE-707
Medium
WordPress Configuration Vulnerability (CVE-2009-2336)
CVE-2009-2336
-
Medium
Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2009-2373)
CVE-2009-2373
CWE-707
Medium
WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2009-2432)
CVE-2009-2432
CWE-264
Medium
Jboss EAP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2009-2405)
CVE-2009-2405
CWE-707
Medium
TinyMCE Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-12648)
CVE-2020-12648
CWE-707
Medium
WordPress Improper Input Validation Vulnerability (CVE-2009-2431)
CVE-2009-2431
CWE-20
Medium
PHP-Fusion Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-12706)
CVE-2020-12706
CWE-707
Medium
PHP-Fusion Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-12708)
CVE-2020-12708
CWE-707
Medium
PHP-Fusion Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-12718)
CVE-2020-12718
CWE-707
Medium
OpenSSL Cryptographic Issues Vulnerability (CVE-2009-2409)
CVE-2009-2409
-
Medium
Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-13094)
CVE-2020-13094
CWE-707
Medium
Liferay Portal CVE-2020-13444 Vulnerability (CVE-2020-13444)
CVE-2020-13444
-
Medium
Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-13239)
CVE-2020-13239
CWE-707
Medium
Dolibarr Incorrect Default Permissions Vulnerability (CVE-2020-13240)
CVE-2020-13240
CWE-276
Medium
Django Improper Certificate Validation Vulnerability (CVE-2020-13254)
CVE-2020-13254
CWE-295
Medium
Drupal Credentials Management Errors Vulnerability (CVE-2009-2374)
CVE-2009-2374
-
Medium
Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-13430)
CVE-2020-13430
CWE-707
Medium
Sqlite Integer Overflow or Wraparound Vulnerability (CVE-2020-13434)
CVE-2020-13434
CWE-190
Medium
Sqlite NULL Pointer Dereference Vulnerability (CVE-2020-13435)
CVE-2020-13435
CWE-476
Medium
MySQL CVE-2020-14614 Vulnerability (CVE-2020-14614)
CVE-2020-14614
-
Medium
MySQL CVE-2020-14620 Vulnerability (CVE-2020-14620)
CVE-2020-14620
-
Medium
Ruby on Rails Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2009-3086)
CVE-2009-3086
CWE-200
Medium
Next.js URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-15242)
CVE-2020-15242
CWE-601
Medium
Moodle Improper Input Validation Vulnerability (CVE-2009-1171)
CVE-2009-1171
CWE-20
Medium
phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2009-1150)
CVE-2009-1150
CWE-707
Medium
PrestaShop Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-15161)
CVE-2020-15161
CWE-707
Medium
PrestaShop Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-15162)
CVE-2020-15162
CWE-707
Medium
XWiki Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2020-15171)
CVE-2020-15171
CWE-138
Medium
TYPO3 URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-15241)
CVE-2020-15241
CWE-601
Medium
phpMyAdmin Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2009-1148)
CVE-2009-1148
CWE-22
Medium
Envoy Proxy Origin Validation Error Vulnerability (CVE-2020-15104)
CVE-2020-15104
CWE-346
Medium
MySQL Out-of-bounds Write Vulnerability (CVE-2020-15358)
CVE-2020-15358
CWE-787
Medium
Sqlite Out-of-bounds Write Vulnerability (CVE-2020-15358)
CVE-2020-15358
CWE-787
Medium
CakePHP Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-15400)
CVE-2020-15400
CWE-352
Medium
Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2009-1047)
CVE-2009-1047
CWE-707
Medium
Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-15562)
CVE-2020-15562
CWE-707
Medium