Web Application Vulnerabilities Index

This page lists X vulnerabilities classified as ISO27001-A.14.1.2 that can be detected by Invicti.

Select Category
Critical
High
Medium
Low
Best Practice
Information
Select Vulnerability
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Select Vulnerability
Vulnerability Name
Classification
Severity
Autocomplete Enabled (Password Field)
Autocomplete Enabled (Password Field)
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
, 
CWE-16
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-15
, 
Information
Autocomplete is Enabled
Autocomplete is Enabled
CWE-16
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-15
, 
Low
Cookie Not Marked as Secure
Cookie Not Marked as Secure
CAPEC-102
, 
CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
, 
CWE-614
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.10
, 
WASC-15
, 
Low
Cookie Values Used in Anti-CSRF Token
Cookie Values Used in Anti-CSRF Token
CWE-352
, 
HIPAA-164.306(a)
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Low
Cross-site Referrer Leakage through usage of origin-when-cross-origin in Referrer-Policy
Cross-site Referrer Leakage through usage of origin-when-cross-origin in Referrer-Policy
CWE-200
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A6
, 
OWASP 2017-A6
, 
Information
Cross-site Referrer Leakage through usage of strict-origin in Referrer-Policy
Cross-site Referrer Leakage through usage of strict-origin in Referrer-Policy
CWE-200
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A6
, 
OWASP 2017-A6
, 
Information
Cross-site Referrer Leakage through usage of strict-origin-when-cross-origin in Referrer-Policy
Cross-site Referrer Leakage through usage of strict-origin-when-cross-origin in Referrer-Policy
CWE-200
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A6
, 
OWASP 2017-A6
, 
Information
Cross-site Referrer Leakage through usage of the origin keyword in Referrer-Policy
Cross-site Referrer Leakage through usage of the origin keyword in Referrer-Policy
CWE-200
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A6
, 
OWASP 2017-A6
, 
Information
Denial of Service (MySQL)
Denial of Service (MySQL)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
, 
CWE-400
, 
ISO27001-A.14.1.2
, 
WASC-10
, 
Information
Disabled X-XSS-Protection Header
Disabled X-XSS-Protection Header
CWE-693
, 
ISO27001-A.14.1.2
, 
WASC-15
, 
Information
Expect-CT Header via HTTP
Expect-CT Header via HTTP
CWE-16
, 
ISO27001-A.14.1.2
, 
WASC-15
, 
Information
Expect-CT in Report Only Mode
Expect-CT in Report Only Mode
ISO27001-A.14.1.2
, 
Information
Expect-CT Not Enabled
Expect-CT Not Enabled
CWE-16
, 
ISO27001-A.14.1.2
, 
WASC-15
, 
Best Practice
Expect-CT Security Header Errors and Warnings
Expect-CT Security Header Errors and Warnings
CWE-16
, 
ISO27001-A.14.1.2
, 
WASC-15
, 
Information
HTTP Strict Transport Security (HSTS) Errors and Warnings
HTTP Strict Transport Security (HSTS) Errors and Warnings
CWE-16
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-15
, 
Medium
HTTP Strict Transport Security (HSTS) Max-Age Value Too Low
HTTP Strict Transport Security (HSTS) Max-Age Value Too Low
CWE-16
, 
ISO27001-A.14.1.2
, 
WASC-15
, 
Information
HTTP Strict Transport Security (HSTS) Policy Not Enabled
HTTP Strict Transport Security (HSTS) Policy Not Enabled
CAPEC-217
, 
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
, 
CWE-523
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
WASC-4
, 
Medium
HTTP Strict Transport Security (HSTS) via HTTP
HTTP Strict Transport Security (HSTS) via HTTP
CWE-16
, 
ISO27001-A.14.1.2
, 
OWASP 2017-A6
, 
WASC-15
, 
Information
Insecure Frame (External)
Insecure Frame (External)
CWE-16
, 
ISO27001-A.14.1.2
, 
OWASP 2017-A6
, 
WASC-15
, 
Low
Internal Server Error
Internal Server Error
CWE-550
, 
ISO27001-A.14.1.2
, 
WASC-13
, 
Low
Laravel Debug Mode Enabled
Laravel Debug Mode Enabled
CAPEC-214
, 
CWE-16
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
PCI v3.2-6.5.5
, 
WASC-14
, 
Low
Misconfigured Access-Control-Allow-Origin Header
Misconfigured Access-Control-Allow-Origin Header
CWE-16
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
PCI v3.2-6.5.8
, 
WASC-15
, 
Low
Misconfigured Frame
Misconfigured Frame
CWE-16
, 
ISO27001-A.14.1.2
, 
OWASP 2017-A6
, 
WASC-15
, 
Low
Missing Content-Type Header
Missing Content-Type Header
CWE-16
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
PCI v3.2-6.5.7
, 
WASC-15
, 
Low
Missing X-Content-Type-Options Header
Missing X-Content-Type-Options Header
CWE-16
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-15
, 
Low
OPTIONS Method Enabled
OPTIONS Method Enabled
CAPEC-107
, 
CWE-16
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-14
, 
Information
Out-of-date (ASP.NET MVC)
Out-of-date (ASP.NET MVC)
CAPEC-310
, 
CWE-1035
, 
HIPAA-164.308(a)(1)(i)
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
PCI v3.2-6.2
, 
Information
Out-of-Date (Bootstrap Select)
Out-of-Date (Bootstrap Select)
CAPEC-310
, 
CWE-1035
, 
HIPAA-164.308(a)(1)(i)
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
PCI v3.2-6.2
, 
Information
Out-of-Date (Bootstrap Table)
Out-of-Date (Bootstrap Table)
CAPEC-310
, 
CWE-1035
, 
HIPAA-164.308(a)(1)(i)
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
PCI v3.2-6.2
, 
Information
Out-of-Date (Bootstrap Typeahead)
Out-of-Date (Bootstrap Typeahead)
CAPEC-310
, 
CWE-1035
, 
HIPAA-164.308(a)(1)(i)
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
PCI v3.2-6.2
, 
Information
Out-of-date (FrontPage)
Out-of-date (FrontPage)
CAPEC-310
, 
CWE-1035
, 
HIPAA-164.308(a)(1)(i)
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
PCI v3.2-6.2
, 
Information
Out-of-Date (JQuery placeholder.js)
Out-of-Date (JQuery placeholder.js)
CAPEC-310
, 
CWE-1035
, 
HIPAA-164.308(a)(1)(i)
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
PCI v3.2-6.2
, 
Information
Out-of-date (Mongrel)
Out-of-date (Mongrel)
CAPEC-310
, 
CWE-1035
, 
HIPAA-164.308(a)(1)(i)
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
PCI v3.2-6.2
, 
Information
Out-of-date (Oracle Application Server)
Out-of-date (Oracle Application Server)
CAPEC-310
, 
CWE-1035
, 
HIPAA-164.308(a)(1)(i)
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
PCI v3.2-6.2
, 
Information
Out-of-date (Phusion Passenger)
Out-of-date (Phusion Passenger)
CAPEC-310
, 
CWE-1035
, 
HIPAA-164.308(a)(1)(i)
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
PCI v3.2-6.2
, 
Information
Out-of-date (SharePoint)
Out-of-date (SharePoint)
CAPEC-310
, 
CWE-1035
, 
HIPAA-164.308(a)(1)(i)
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
PCI v3.2-6.2
, 
Information
Out-of-date (Taleo Web Server)
Out-of-date (Taleo Web Server)
CAPEC-310
, 
CWE-1035
, 
HIPAA-164.308(a)(1)(i)
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
PCI v3.2-6.2
, 
Information
Out-of-date (Varnish)
Out-of-date (Varnish)
CAPEC-310
, 
CWE-1035
, 
HIPAA-164.308(a)(1)(i)
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
PCI v3.2-6.2
, 
Information
Out-of-date Version (AbanteCart)
Out-of-date Version (AbanteCart)
CAPEC-310
, 
CWE-1035
, 
HIPAA-164.308(a)(1)(i)
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
PCI v3.2-6.2
, 
Information
Out-of-date Version (Ampache)
Out-of-date Version (Ampache)
CAPEC-310
, 
CWE-1035
, 
HIPAA-164.308(a)(1)(i)
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
PCI v3.2-6.2
, 
Information
Out-of-date Version (Angular)
Out-of-date Version (Angular)
CAPEC-310
, 
CWE-1035
, 
HIPAA-164.308(a)(1)(i)
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
PCI v3.2-6.2
, 
Information
Out-of-date Version (AngularJS)
Out-of-date Version (AngularJS)
CAPEC-310
, 
CWE-1035
, 
HIPAA-164.308(a)(1)(i)
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
PCI v3.2-6.2
, 
Information
Out-of-date Version (Apache)
Out-of-date Version (Apache)
CAPEC-310
, 
CWE-1035
, 
HIPAA-164.308(a)(1)(i)
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
PCI v3.2-6.2
, 
Information
Out-of-date Version (Apache Coyote)
Out-of-date Version (Apache Coyote)
CAPEC-310
, 
CWE-1035
, 
HIPAA-164.308(a)(1)(i)
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
PCI v3.2-6.2
, 
Information
Out-of-date Version (Apache Traffic Server)
Out-of-date Version (Apache Traffic Server)
CAPEC-310
, 
CWE-1035
, 
HIPAA-164.308(a)(1)(i)
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
PCI v3.2-6.2
, 
Information
Out-of-date Version (Artifactory DevOps Solution)
Out-of-date Version (Artifactory DevOps Solution)
CAPEC-310
, 
CWE-1035
, 
HIPAA-164.308(a)(1)(i)
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
PCI v3.2-6.2
, 
Information
Out-of-date Version (ASP.NET SignalR)
Out-of-date Version (ASP.NET SignalR)
CAPEC-310
, 
CWE-1035
, 
HIPAA-164.308(a)(1)(i)
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
PCI v3.2-6.2
, 
Information
Out-of-date Version (Atlassian Confluence)
Out-of-date Version (Atlassian Confluence)
CAPEC-310
, 
CWE-1035
, 
HIPAA-164.308(a)(1)(i)
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
PCI v3.2-6.2
, 
Information
Out-of-date Version (Atlassian Jira)
Out-of-date Version (Atlassian Jira)
CAPEC-310
, 
CWE-1035
, 
HIPAA-164.308(a)(1)(i)
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
PCI v3.2-6.2
, 
Information
Out-of-date Version (Atlassian Proxy)
Out-of-date Version (Atlassian Proxy)
CAPEC-310
, 
CWE-1035
, 
HIPAA-164.308(a)(1)(i)
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
PCI v3.2-6.2
, 
Information
Out-of-date Version (ATutor)
Out-of-date Version (ATutor)
CAPEC-310
, 
CWE-1035
, 
HIPAA-164.308(a)(1)(i)
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
PCI v3.2-6.2
, 
Information
Out-of-date Version (axios)
Out-of-date Version (axios)
CAPEC-310
, 
CWE-1035
, 
HIPAA-164.308(a)(1)(i)
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
PCI v3.2-6.2
, 
Information
Out-of-date Version (Axway SecureTransport Server)
Out-of-date Version (Axway SecureTransport Server)
CAPEC-310
, 
CWE-1035
, 
HIPAA-164.308(a)(1)(i)
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
PCI v3.2-6.2
, 
Information
Out-of-date Version (b2evolution)
Out-of-date Version (b2evolution)
CAPEC-310
, 
CWE-1035
, 
HIPAA-164.308(a)(1)(i)
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
PCI v3.2-6.2
, 
Information
Out-of-date Version (Backbone.js)
Out-of-date Version (Backbone.js)
CAPEC-310
, 
CWE-1035
, 
HIPAA-164.308(a)(1)(i)
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
PCI v3.2-6.2
, 
Information
Out-of-date Version (bluebird)
Out-of-date Version (bluebird)
CAPEC-310
, 
CWE-1035
, 
HIPAA-164.308(a)(1)(i)
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
PCI v3.2-6.2
, 
Information
Out-of-date Version (Bootbox.js)
Out-of-date Version (Bootbox.js)
CAPEC-310
, 
CWE-1035
, 
HIPAA-164.308(a)(1)(i)
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
PCI v3.2-6.2
, 
Information
Out-of-date Version (Bootstrap)
Out-of-date Version (Bootstrap)
CAPEC-310
, 
CWE-1035
, 
HIPAA-164.308(a)(1)(i)
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
PCI v3.2-6.2
, 
Information
Out-of-date Version (Bootstrap 3 Date/Time Picker)
Out-of-date Version (Bootstrap 3 Date/Time Picker)
CAPEC-310
, 
CWE-1035
, 
HIPAA-164.308(a)(1)(i)
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
PCI v3.2-6.2
, 
Information
Out-of-date Version (Bootstrap Toggle)
Out-of-date Version (Bootstrap Toggle)
CAPEC-310
, 
CWE-1035
, 
HIPAA-164.308(a)(1)(i)
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
PCI v3.2-6.2
, 
Information
Out-of-date Version (CakePHP Framework)
Out-of-date Version (CakePHP Framework)
CAPEC-310
, 
CWE-1035
, 
HIPAA-164.308(a)(1)(i)
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
PCI v3.2-6.2
, 
Information
Out-of-date Version (CanvasJS)
Out-of-date Version (CanvasJS)
CAPEC-310
, 
CWE-1035
, 
HIPAA-164.308(a)(1)(i)
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
PCI v3.2-6.2
, 
Information
Out-of-date Version (Chamilo)
Out-of-date Version (Chamilo)
CAPEC-310
, 
CWE-1035
, 
HIPAA-164.308(a)(1)(i)
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
PCI v3.2-6.2
, 
Information
Out-of-date Version (Chart.js)
Out-of-date Version (Chart.js)
CAPEC-310
, 
CWE-1035
, 
HIPAA-164.308(a)(1)(i)
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
PCI v3.2-6.2
, 
Information
Out-of-date Version (Cherokee)
Out-of-date Version (Cherokee)
CAPEC-310
, 
CWE-1035
, 
HIPAA-164.308(a)(1)(i)
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
PCI v3.2-6.2
, 
Information
Out-of-date Version (CherryPy)
Out-of-date Version (CherryPy)
CAPEC-310
, 
CWE-1035
, 
HIPAA-164.308(a)(1)(i)
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
PCI v3.2-6.2
, 
Information
Out-of-date Version (CKEditor)
Out-of-date Version (CKEditor)
CAPEC-310
, 
CWE-1035
, 
HIPAA-164.308(a)(1)(i)
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
PCI v3.2-6.2
, 
Information
Out-of-date Version (Claroline)
Out-of-date Version (Claroline)
CAPEC-310
, 
CWE-1035
, 
HIPAA-164.308(a)(1)(i)
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
PCI v3.2-6.2
, 
Information
Out-of-date Version (ClipBucket)
Out-of-date Version (ClipBucket)
CAPEC-310
, 
CWE-1035
, 
HIPAA-164.308(a)(1)(i)
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
PCI v3.2-6.2
, 
Information
Out-of-date Version (Collabtive)
Out-of-date Version (Collabtive)
CAPEC-310
, 
CWE-1035
, 
HIPAA-164.308(a)(1)(i)
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
PCI v3.2-6.2
, 
Information
Out-of-date Version (Concerte5)
Out-of-date Version (Concerte5)
CAPEC-310
, 
CWE-1035
, 
HIPAA-164.308(a)(1)(i)
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
PCI v3.2-6.2
, 
Information
Out-of-date Version (contao)
Out-of-date Version (contao)
CAPEC-310
, 
CWE-1035
, 
HIPAA-164.308(a)(1)(i)
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
PCI v3.2-6.2
, 
Information
Out-of-date Version (cookieconsent2)
Out-of-date Version (cookieconsent2)
CAPEC-310
, 
CWE-1035
, 
HIPAA-164.308(a)(1)(i)
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
PCI v3.2-6.2
, 
Information
Out-of-date Version (Coppermine)
Out-of-date Version (Coppermine)
CAPEC-310
, 
CWE-1035
, 
HIPAA-164.308(a)(1)(i)
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
PCI v3.2-6.2
, 
Information