Web Application Vulnerabilities Index

This page lists X vulnerabilities classified as CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N that can be detected by Invicti.

Select Category
Critical
High
Medium
Low
Best Practice
Information
Select Vulnerability
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Select Vulnerability
Vulnerability Name
Classification
Severity
Blind Cross-site Scripting
Blind Cross-site Scripting
CAPEC-19
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
, 
CWE-79
, 
HIPAA-164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A3
, 
OWASP 2017-A7
, 
PCI v3.2-6.5.7
, 
WASC-8
, 
High
Blind MongoDB Injection
Blind MongoDB Injection
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
, 
CWE-943
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
PCI v3.2-6.5.1
, 
High
Blind SQL Injection
Blind SQL Injection
CAPEC-66
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
, 
CWE-89
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
PCI v3.2-6.5.1
, 
WASC-19
, 
Critical
Code Evaluation (ASP)
Code Evaluation (ASP)
CAPEC-23
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
, 
CWE-94
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
PCI v3.2-6.5.1
, 
Critical
Code Evaluation (Node.js)
Code Evaluation (Node.js)
CAPEC-23
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
, 
CWE-94
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
PCI v3.2-6.5.1
, 
Critical
Code Evaluation (Perl)
Code Evaluation (Perl)
CAPEC-23
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
, 
CWE-94
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
PCI v3.2-6.5.1
, 
Critical
Code Evaluation (PHP)
Code Evaluation (PHP)
CAPEC-23
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
, 
CWE-94
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
PCI v3.2-6.5.1
, 
Critical
Code Evaluation (PHP) - IAST
Code Evaluation (PHP) - IAST
CAPEC-23
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
, 
CWE-94
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
PCI v3.2-6.5.1
, 
Critical
Code Evaluation (Python)
Code Evaluation (Python)
CAPEC-23
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
, 
CWE-94
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
PCI v3.2-6.5.1
, 
Critical
Code Evaluation (RoR)
Code Evaluation (RoR)
CAPEC-356
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
, 
CWE-94
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
PCI v3.2-6.5.1
, 
WASC-23
, 
Critical
Code Evaluation (RoR - JSON)
Code Evaluation (RoR - JSON)
CAPEC-356
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
, 
CWE-94
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
PCI v3.2-6.5.1
, 
WASC-23
, 
Critical
Code Evaluation (Ruby)
Code Evaluation (Ruby)
CAPEC-23
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
, 
CWE-94
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
PCI v3.2-6.5.1
, 
Critical
Cross-site Scripting via File Upload
Cross-site Scripting via File Upload
CAPEC-19
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
, 
CWE-79
, 
HIPAA-164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A3
, 
OWASP 2017-A7
, 
PCI v3.2-6.5.7
, 
WASC-8
, 
High
Cross-site Scripting via Remote File Inclusion
Cross-site Scripting via Remote File Inclusion
CAPEC-19
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
, 
CWE-79
, 
HIPAA-164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A3
, 
OWASP 2017-A7
, 
PCI v3.2-6.5.7
, 
WASC-8
, 
High
Database Connection String Detected
Database Connection String Detected
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
, 
CWE-16
, 
HIPAA-164.306(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A3
, 
WASC-15
, 
Information
F5 Big-IP Local File Inclusion (CVE-2020-5902)
F5 Big-IP Local File Inclusion (CVE-2020-5902)
CAPEC-252
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
, 
CWE-22
, 
HIPAA-164.306(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A4
, 
OWASP 2017-A5
, 
PCI v3.2-6.5.8
, 
WASC-33
, 
High
Local File Inclusion
Local File Inclusion
CAPEC-252
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
, 
CWE-22
, 
HIPAA-164.306(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A4
, 
OWASP 2017-A5
, 
PCI v3.2-6.5.8
, 
WASC-33
, 
High
Local File Inclusion (IAST)
Local File Inclusion (IAST)
CAPEC-252
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
, 
CWE-22
, 
HIPAA-164.306(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A4
, 
OWASP 2017-A5
, 
PCI v3.2-6.5.8
, 
WASC-33
, 
High
Out of Band Code Evaluation (RoR - JSON)
Out of Band Code Evaluation (RoR - JSON)
CAPEC-356
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
, 
CWE-94
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
PCI v3.2-6.5.1
, 
WASC-23
, 
Critical
Ruby on Rails File Content Disclosure (CVE-2019-5418)
Ruby on Rails File Content Disclosure (CVE-2019-5418)
CAPEC-252
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
, 
CWE-98
, 
HIPAA-164.306(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A4
, 
OWASP 2017-A5
, 
PCI v3.2-6.5.8
, 
WASC-33
, 
High
Stored Cross-site Scripting
Stored Cross-site Scripting
CAPEC-19
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
, 
CWE-79
, 
HIPAA-164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A3
, 
OWASP 2017-A7
, 
PCI v3.2-6.5.7
, 
WASC-8
, 
High
Sublime SFTP Config File Detected
Sublime SFTP Config File Detected
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
, 
CWE-16
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-15
, 
Medium