• Home
  • Web Application Advisories

Web Application Advisories by Invicti

The below is a list of advisories about vulnerabilities in web applications identified with Invicti’s scanning engine, which is used in desktop based scanner Invicti Standard and in the online web security service Invicti Enterprise.

Advisories Released in 2021

ID Name
NS-21-004 Cross-site Scripting vulnerability in Kajona CMS 6.2
NS-21-003 Cross-Site Scripting vulnerability in Ampache 4.4.2
NS-21-002 Cross-Site Scripting Vulnerability in Zen Cart 1.5.7
NS-21-001 Cross-Site Scripting Vulnerability in Chamilo LMS 1.11.14

Advisories Released in 2020

ID Name
NS-20-006 SQL Injection Vulnerability in SEOPanel 4.6.0
NS-20-005 Cross-Site Scripting Vulnerabilities in SEOPanel 4.6.0
NS-20-004 Cross-Site Scripting Vulnerabilities in BigtreeCMS 4.4.11
NS-20-003 Cross-Site Scripting Vulnerabilities in IlchCMS 2.1.37
NS-20-002 Blind SQL Injection Vulnerability in Geeklog 2.2.1
NS-20-001 Cross-Site Scripting Vulnerability in Geeklog 2.2.1

Advisories Released in 2019

ID Name
NS-19-018 Frame Injection Vulnerability in ERPNext 11.1.47
NS-19-017 Multiple Reflected Cross-site Scripting Vulnerabilities in ERPNext 11.1.47
NS-19-016 Multiple Cross-site Scripting Vulnerabilities in ilchCMS 2.1.23
NS-19-015 Multiple Cross-site Scripting Vulnerabilities in Openfire 4.4.1
NS-19-014 Multiple Reflected Cross-site Scripting Vulnerabilities in OpenEdx version Ironwood.1
NS-19-013 Multiple CSRF Vulnerabilities in Django CRM 0.2.1
NS-19-012 Open Redirection Vulnerability in Zurmo 3.2.6
NS-19-011 Frame Injection Vulnerability in Zurmo 3.2.6
NS-19-010 Stored Cross-site Scripting Vulnerability in Zurmo 3.2.6
NS-19-009 Out of Band Code Evaluation Vulnerability in Zurmo 3.2.6
NS-19-008 Reflected Cross-site Scripting Vulnerability in Zurmo 3.2.6
NS-19-007 Code Evaluation Vulnerability in Zurmo 3.2.6
NS-19-006 Multiple Reflected Cross-site Scripting Vulnerabilities in phpFK lite-version
NS-19-005 Reflected Cross-site Scripting Vulnerability in Ponzu CMS 0.9.4
NS-19-004 Multiple Cross-site Scripting Vulnerabilities in Shopware 5.5.6
NS-19-003 Stored Cross-site Scripting Vulnerability in VFront 0.99.5
NS-19-002 Multiple Reflected Cross-site Scripting Vulnerabilities in VFront 0.99.5
NS-19-001 Reflected Cross-site Scripting Vulnerability in Kanboard 1.2.7

Advisories Released in 2018

ID Name
NS-18-061 Multiple Cross-site Scripting Vulnerabilities in ProjectSend r1053
NS-18-060 Cross-site Scripting Vulnerability in ElkArte 1.1.0
NS-18-059 Multiple Cross-Site Scripting Vulnerabilities in HTMLy 2.7.4
NS-18-058 SQL Injection Vulnerabilities in inoERP 0.6.1
NS-18-057 Multiple Cross-site Scripting Vulnerabilities in Zencart 1.5.5f
NS-18-056 Open Redirection Vulnerability in GetSimpleCMS 3.3.13
NS-18-055 Boolean SQL Injection Vulnerability in Monica 1.8.2
NS-18-054 Multiple Cross-site Scripting Vulnerabilities in PluXml 5.7
NS-18-053 Multiple Reflected Cross-site Scripting Vulnerabilities in WeBid 1.2.2
NS-18-052 Reflected Cross-site Scripting Vulnerability in Collabtive 3.1
NS-18-051 Stored Cross-site Scripting Vulnerability in Podcast Generator 2.7
NS-18-050 Multiple Reflected Cross-site Scripting Vulnerabilities in Coppermine 1.5.46
NS-18-049 Cross-site Scripting Vulnerability in Abantecart 1.2.12
NS-18-048 Cross-site Scripting via XML Vulnerability in DNN 9.1
NS-18-047 Multiple Cross-site Scripting Vulnerabilities in FluxBB 1.5.10
NS-18-046 Multiple Reflected Cross-site Scripting Vulnerabilities in Ampache 3.9.0
NS-18-045 XML External Entity Injection Vulnerability in BlogEngine 3.3
NS-18-044 Open Redirection Vulnerabilities in OrangeForum 1.4.0
NS-18-043 Multiple Cross-site Scripting Vulnerabilities in ZenPhoto 1.4.14
NS-18-042 Reflected Cross-site Scripting in Mantis 2.11.1
NS-18-041 DOM Based Cross-site Scripting Vulnerability in Sharrre 2.0.1
NS-18-040 Multiple Cross-site Scripting Vulnerabilities in Family Connections 3.7.0
NS-18-039 Multiple Cross-site Scripting Vulnerabilities in GeniXCMS 1.1.5
NS-18-038 Reflected Cross-site Scripting Vulnerability in Microweber 1.0.8
NS-18-037 Open Redirection Vulnerability in ForkCMS 5.0.6
NS-18-036 SQL injection Vulnerability in Zurmo 2.3.4
NS-18-035 Multiple Cross-site Scripting Vulnerabilities in Zurmo 2.3.4
NS-18-034 Code Evolution (PHP) Vulnerability in Zurmo 2.3.4
NS-18-033 Multiple Cross-site Scripting Vulnerabilities in ImpressCMS 1.3.10
NS-18-032 Stored Cross-site Scripting Vulnerability in ForkCMS 5.0.6
NS-18-031 Blind SQL Injection Vulnerabilities in Plikli 4.0.0
NS-18-030 Multiple Cross-site Scripting Vulnerabilities in Plikli 4.0.0
NS-18-029 Multiple Cross-site Scripting Vulnerabilities in OSclass 3.7.4
NS-18-028 SQL Injection Vulnerabilities in Chamilo 1.11.6
NS-18-027 Multiple Cross-site Scripting Vulnerabilities in Chamilo 1.11.6
NS-18-026 Reflected Cross-site Scripting Vulnerability in Typesetter 5.1
NS-18-025 Reflected Cross-site Scripting Vulnerability in CubeCart 6.2.2
NS-18-024 Multiple Cross-Site Scripting Vulnerabilities in FreshRSS 1.11.1
NS-18-023 SQL Injection and Blind SQL Injection Vulnerabilities in SOPlanning 1.41
NS-18-022 Multiple Reflected Cross-site Scripting Vulnerabilities in Seopanel 3.13.0
NS-18-021 Open Redirection Vulnerabilities in Eventum v3.3.4
NS-18-020 Cross-site Scripting Vulnerabilities in Carbon Forum 5.9.0
NS-18-019 Code Evaluations in FuelCMS 1.4.1
NS-18-018 SQL Injection Vulnerabilities in FuelCMS 1.4.1
NS-18-017 Cross-site Request Forgery Vulnerabilities in Serenity 3.0.5
NS-18-016 Reflected Cross-site Scripting Vulnerability in BigTree CMS 4.2.23
NS-18-015 Multiple Cross-site Scripting Vulnerabilities in Dolibarr 7.0.3
NS-18-014 PHP Code Evaluation Vulnerability in Wolf CMS 0.8.3.1
NS-18-013 Cross Site Request Forgery Vulnerability in Platformus 1.0.0-alpha21
NS-18-012 Stored Cross-site Scripting Vulnerability in Platformus 1.0.0-alpha21
NS-18-011 Stored Cross-site Scripting in inoERP 0.6.1
NS-18-010 Multiple Cross-site Scripting Vulnerabilities in TikiWiki 17.1
NS-18-009 Frame Injection Vulnerabilities in TikiWiki 17.1
NS-18-008 Multiple Cross-site Scripting Vulnerabilities in ClipperCMS 1.3.3
NS-18-007 Multiple Cross-site Scripting Vulnerabilities in TangoBB 1.5.1
NS-18-006 Multiple Reflected Cross-site Scripting Vulnerabilities in Dotclear 2.13.1
NS-18-005 Stored XSS Vulnerability in BigTreeCMS 4.2.19
NS-18-004 Stored XSS Vulnerability in Omeka 2.6
NS-18-003 Multiple Reflected XSS Vulnerabilities in TCexam 14.0.3
NS-18-002 Frame Injection Vulnerabilities in Gibbon v14.0.01
NS-18-001 Multiple XSS Vulnerabilities in Gibbon v14.0.01

Advisories Released in 2017

ID Name
NS-17-032 Server-Side Template Injection Vulnerability in CMS Made Simple
NS-17-031 Reflected XSS Vulnerability in CMS Made Simple
NS-17-030 Multiple Reflected XSS Vulnerabilities in phpfk Lite
NS-17-029 Reflected XSS Vulnerability in Wirawan Test 10okt2016
NS-17-028 Multiple Blind SQL Injection Vulnerabilities in Chronosite 5.1.2
NS-17-027 Multiple Reflected XSS Vulnerabilities in Chronosite 5.1.2
NS-17-026 Reflected XSS Vulnerability in PluXML 5.5
NS-17-025 Multiple Reflected XSS Vulnerabilities in PHFTP 4.2
NS-17-024 Reflected XSS Vulnerability in PHProxy 0.5b2
NS-17-023 Multiple Reflected XSS Vulnerabilities in Vfront 0.99.4
NS-17-022 XSS, CSRF and Multiple Other Vulnerabilities in CubeCart
NS-17-021 Reflected XSS Vulnerability in Online Inventory Manager
NS-17-020 Multiple Reflected XSS Vulnerabilities in Free CMMS 0.04
NS-17-019 Reflected XSS Vulnerability in infoERP
NS-17-018 Reflected XSS Vulnerability in PHuPload
NS-17-017 Reflected XSS Vulnerability in MaxForum
NS-17-016 SQL Injection Vulnerability in Content2
NS-17-015 Multiple Reflected XSS Vulnerabilities in Content2
NS-17-014 Multiple Reflected XSS Vulnerabilities in PHPBB template test suite 2.0.11 (beta)
NS-17-013 Reflected XSS Vulnerability in Simple Picture Gallery Manager
NS-17-012 Reflected XSS Vulnerability in phpRFT
NS-17-011 Reflected XSS Vulnerability in dirLIST
NS-17-010 Reflected XSS Vulnerability in Upload Script for Images and Audio files
NS-17-009 Reflected XSS Vulnerability in OTP
NS-17-008 Reflected XSS Vulnerability in Hexjector
NS-17-007 Multiple Reflected XSS Vulnerabilities in Powebform 1.0.3
NS-17-006 Reflected XSS Vulnerability in Yii Framework
NS-17-005 Blind SQL Injection Vulnerability in SweetRice
NS-17-004 Multiple Reflected XSS Vulnerabilities in NodCMS 1.0
NS-17-003 Multiple Reflected XSS Vulnerabilities in SpiderFoot
NS-17-002 Multiple Reflected XSS Vulnerabilities in Collabtive
NS-17-001 Multiple Reflected XSS Vulnerabilities in MyLittleForum

Advisories Released in 2016

ID Name
NS-16-021 Reflected and Stored XSS Vulnerabilities in Typesetter CMS
NS-16-020 Reflected XSS Vulnerability in Storytlr
NS-16-019 Multiple Reflected XSS Vulnerabilities in eggBlog 4.1.2
NS-16-018 Blind SQL Injection Vulnerability in eggBlog 4.1.2
NS-16-017 Multiple Reflected XSS Vulnerabilities in Dotclear 2.9.1
NS-16-016 Remote Code Evaluation (RCE) Vulnerabilities in Cockpit 0.13.0
NS-16-015 Multiple Reflected XSS Vulnerabilities in Cockpit 0.13.0
NS-16-014 Reflected XSS Vulnerability in Ovidentia 8.4.1
NS-16-013 Multiple Reflected XSS Vulnerabilities in Beehive Forum 1.4.7
NS-16-012 Reflected XSS vulnerability in HESK help desk software
NS-16-011 Multiple XSS Vulnerabilities in Kajona v5
NS-16-010 Reflected XSS Vulnerability in PageKit 1.0.5
NS-16-009 Reflected XSS Vulnerability in WP-Polls 2.73
NS-16-008 Stored Multiple XSS Vulnerabilities in Clicky by Yoast 1.4.3
NS-16-007 Self XSS Vulnerability in Yoast SEO 3.3.2
NS-16-006 Multiple XSS Vulnerabilities in Saurus CMS 4.7 FINAL
NS-16-005 Open Redirection Vulnerability in SmartStore
NS-16-004 XSS vulnerability in BulletProof Security WordPress plugin
NS-16-003 Multiple XSS Vulnerabilities in CubeCart
NS-16-002 XSS vulnerability in Mailpoet Newsletters WordPress plugin
NS-16-001 HTTP Header Injection in LiteSpeed Web Server

Advisories Released in 2015

ID Name
NS-15-024 XSS Vulnerability in Serendipity
NS-15-023 XSS Vulnerability in OpenCart
NS-15-022 Multiple XSS Vulnerabilities in BootstrapValidator
NS-15-021 Multiple DOM XSS Vulnerabilities in ScrollMagic
NS-15-020 DOM XSS Vulnerability in iCheck
NS-15-019 Multiple XSS Vulnerabilities in zTree v3
NS-15-018 CSRF Vulnerability in Booked Scheduler 2.5.15
NS-15-017 Multiple XSS Vulnerabilities in Booked Scheduler 2.5.15
NS-15-016 Multiple XSS vulnerabilities in TestLink 1.9.13
NS-15-015 SQL Injection Vulnerability in TestLink 1.9.13
NS-15-014 XSS Vulnerability in DataTables
NS-15-013 Multiple XSS Vulnerabilities in Google Analyticator WordPress Plugin
NS-15-012 XSS Vulnerability in phpMemAdmin
NS-15-011 XSS Vulnerability in Pligg CMS
NS-15-010 XSS Vulnerability in phpMoAdmin
NS-15-009 Multiple XSS Vulnerabilities in WP Flash Player 1.3
NS-15-008 Multiple XSS vulnerabilities in Concrete5
NS-15-007 DOM XSS vulnerability in Twenty Fifteen WordPress Theme
NS-15-006 XSS Vulnerability in miniBB
NS-15-005 SQL Injection Vulnerability in miniBB
NS-15-004 Local File Inclusion Vulnerability in ArticleFR
NS-15-003 Multiple XSS Vulnerabilities in ArticleFR
NS-15-002 XSS Vulnerability in Banner Effect Header WordPress Plugin
NS-15-001 XSS Vulnerability in Blubbry PowerPress WordPress Plugin

Advisories Released in 2014

ID Name
NS-14-045 Remote Code Evaluation Openbiz Cubi
NS-14-044 Multiple XSS Vulnerabilities in Openbiz Cubi
NS-14-043 Multiple SQL Injection Vulnerabilities in Openbiz Cubi
NS-14-042 XSS Vulnerability in Twiki WebSearch
NS-14-041 XSS Vulnerability in Twiki (QUERYSTRING and QUERYPARAMSTRING)
NS-14-040 Multiple XSS Vulnerabilitiesin KoolPHP
NS-14-039 XSS Vulnerability in Subrion CMS
NS-14-038 XSS Vulnerabilities in Zikula
NS-14-037 XSS Vulnerability in ProjectSend
NS-14-036 XSS Vulnerability in Sharetronix
NS-14-035 XSS Vulnerability in The Bug Genie
NS-14-034 XSS Vulnerability in Oxwall
NS-14-033 XSS Vulnerability in Little Poll
NS-14-032 Multiple XSS Vulnerabilities in LiteCart
NS-14-031 LFI Vulnerability in osClass
NS-14-030 XSS Vulnerabilities in osClass
NS-14-029 LFI & XSS Vulnerability in Codiad
NS-14-028 XSS Vulnerability in PeoplePods
NS-14-027 XSS Vulnerability in SiteCake
NS-14-026 XSS Vulnerability in PageCookery Microblog
NS-14-025 XSS Vulnerability in Storytlr
NS-14-024 XSS Vulnerability in October CMS
NS-14-023 XSS Vulnerability in KajonaCMS
NS-14-022 XSS Vulnerabilities in Booked Scheduler
NS-14-021 XSS Vulnerabilities in osTicket
NS-14-020 XSS Vulnerabilities in Ajenti
NS-14-019 XSS Vulnerability in SQL Buddy
NS-14-018 XSS Vulnerabilities in FishEye
NS-14-017 XSS Vulnerabilities in Responsive File Manager v9.3.4
NS-14-016 XSS Vulnerabilities in Pragyan
NS-14-015 XSS Vulnerabilities in FlatPress
NS-14-014 XSS Vulnerabilities in Tiki Wiki CMS
NS-14-013 XSS Vulnerabilities in TeamCity
NS-14-012 XSS Vulnerabilities in PyroCMS
NS-14-011 XSS Vulnerabilities in Claroline
NS-14-010 XSS Vulnerabilities in Storytlr
NS-14-009 XSS Vulnerabilities in MySeatXT
NS-14-008 XSS Vulnerabilities in phpAlbum
NS-14-007 XSS and SQL Vulnerabilities in e107
NS-14-006 XSS Vulnerabilities in Dokeos
NS-14-005 XSS and SQL Injection Vulnerabilities in SamNews
NS-14-004 XSS Vulnerabilities in UseBB
NS-14-003 XSS Vulnerabilities in Flat Nuke
NS-14-002 XSS Vulnerabilities in Maian Weblog
NS-14-001 Critical Blind SQL Injection Vulnerability in Pragyan CMS

Advisories Released in 2013

ID Name
NS-13-017 XSS Vulnerabilities in Andy's PHP Knowledgebase
NS-13-016 XSS and SQL Injection Vulnerabilities in Gnew
NS-13-015 XSS Vulnerabilities in RuubikCMS
NS-13-014 XSS and SQL Injection Vulnerabilities in BoastMachine
NS-13-013 XSS and SQL Injection Vulnerabilities in CourseMS
NS-13-012 XSS and SQL Injection Vulnerabilities in Bilboplanet
NS-13-011 XSS Vulnerability in Gazie
NS-13-010 XSS & CSRF Vulnerabilities in Gutuma
NS-13-009 SQL Injection Vulnerability in glFusion
NS-13-008 SQL Injection Vulnerabilities in MyMarket
NS-13-007 XSS Vulnerabilities in Xoda
NS-13-006 XSS and SQL Injection Vulnerabilities in DBHcms
NS-13-005 Open Redirection Vulnerability in OpalCMS
NS-13-004 XSS Vulnerabilities in ImpressCMS Content Module
NS-13-003 XSS Vulnerabilities in Serendipity
NS-13-002 XSS and SQL Injection Vulnerabilities in MiniBB
NS-13-001 XSS Vulnerabilities in MintBoard

Advisories Released in 2012

ID Name
NS-12-016 XSS, LFI and SQL Injection Vulnerabilities in Achievo
NS-12-015 XSS Vulnerabilities in bloofoxCMS
NS-12-014 XSS and SQL Injection Vulnerabilities in DotProject
NS-12-013 XSS Vulnerabilities in ClipBucket
NS-12-012 XSS Vulnerabilities in CMSMini
NS-12-011 XSS Vulnerabilities in TaskFreak
NS-12-010 XSS Vulnerabilities in phpFreeChat
NS-12-009 XSS and SQL Injection Vulnerabilities in Jara
NS-12-008 XSS Vulnerabilities in LabWiki
NS-12-007 XSS and SQL Injection Vulnerabilities in OrderSys
NS-12-006 XSS and Blind SQL Injection Vulnerabilities in ExponentCMS
NS-12-005 XSS vulnerability in Invision Power Board version 3.2.3
NS-12-004 Local File Inclusion Vulnerability in TomatoCart
NS-12-003 SQL Injection Vulnerability in Batavi E-Commerce < 1.1.2
NS-12-002 Open Redirection Vulnerability in Orchard 1.3.9
NS-12-001 SQL Injection Vulnerability in OpenEMR < 4.1.0 

Advisories Released in 2011

ID Name
NS-11-010 XSS and Blind SQL Injection Vulnerabilities in Banana Dance CMS
NS-11-009 XSS Vulnerability in Joomla 1.6.3
NS-11-008 XSS and SQL Injection in Symphony CMS < 2.2.3
NS-11-007 XSS Vulnerability in eFront < 3.6.10 build 11944
NS-11-006 XSS Vulnerability in TWiki < 5.1.0
NS-11-005 XSS Vulnerability in TWiki < 5.0.2
NS-11-004 XSS Vulnerability in Redmine 1.0.1 to 1.1.1
NS-11-003 XSS Vulnerability in Tracks < 1.7.2
NS-11-002 XSS Vulnerability in EnanoCms 1.1.7 & 1.1.6
NS-11-001 XSS Vulnerability Joomla < 1.5.20

Invicti Security Corp
220 Industrial Blvd Ste 102
Austin, TX 78745

© Invicti 2022

RESOURCES

USE CASES

WEB SECURITY

COMPANY

© Invicti 2022

SSA Privacy Policy California Privacy Rights Terms of Use Accessibility Sitemap