Web Application Vulnerabilities Index

This page lists X vulnerabilities classified as ISO27001-A.14.2.5 that can be detected by Invicti.

Select Category
Critical
High
Medium
Low
Best Practice
Information
Select Vulnerability
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Select Vulnerability
Vulnerability Name
Classification
Severity
Piwik Detected
Piwik Detected
CAPEC-224
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-45
, 
Information
PixiJs Identified
PixiJs Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Play Web Framework Identified
Play Web Framework Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Plesk (Linux) Identified
Plesk (Linux) Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Plesk (Windows) Identified
Plesk (Windows) Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Plone CMS Identified
Plone CMS Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Plupload Identified
Plupload Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
PmWiki Detected
PmWiki Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Podcast Generator Detected
Podcast Generator Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Polymer Identified
Polymer Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Popper.js Identified
Popper.js Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
PossibleBlindMongoDB
PossibleBlindMongoDB
CAPEC-66
, 
CWE-89
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
PCI v3.2-6.5.1
, 
WASC-19
, 
Critical
Possible Boolean Mongo Db Injection
Possible Boolean Mongo Db Injection
CAPEC-66
, 
CWE-89
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
PCI v3.2-6.5.1
, 
WASC-19
, 
Critical
PrestaShop Detected
PrestaShop Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
PrettyPhoto Identified
PrettyPhoto Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Private Burp Collaborator Server Identified
Private Burp Collaborator Server Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Progress MOVEit Transfer SQL Injection
Progress MOVEit Transfer SQL Injection
CAPEC-66
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
, 
CWE-89
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
PCI v3.2-6.5.1
, 
WASC-19
, 
High
ProjectSend Detected
ProjectSend Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Prototypejs Identified
Prototypejs Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Python Identified
Python Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Python WSGIserver Identified
Python WSGIserver Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
qdPM Detected
qdPM Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Question2Answer Detected
Question2Answer Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
Information
Ramda Identified
Ramda Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
React Identified
React Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Referrer-Policy Needs Proper Fallback
Referrer-Policy Needs Proper Fallback
CWE-200
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A6
, 
OWASP 2017-A6
, 
Information
Referrer-Policy Not Implemented
Referrer-Policy Not Implemented
CWE-200
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
Best Practice
Reflected File Download
Reflected File Download
CAPEC-375
, 
CWE-840
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
PCI v3.2-6.5.1
, 
WASC-42
, 
Low
RegreSSHion Attack (CVE-2024-6387)
RegreSSHion Attack (CVE-2024-6387)
CAPEC-26
, 
CWE-366
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
PCI v3.2-6.5.1
, 
Critical
Remote Code Execution and DoS in HTTP.sys (IIS)
Remote Code Execution and DoS in HTTP.sys (IIS)
CAPEC-340
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:W/RC:C
, 
CWE-20
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
PCI v3.2-6.5.1
, 
WASC-7
, 
Critical
Remote Code Execution (Spring4Shell)
Remote Code Execution (Spring4Shell)
CAPEC-242
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
, 
CWE-94
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A1
, 
PCI v3.2-6.5.1
, 
Critical
Remote File Inclusion
Remote File Inclusion
CAPEC-193
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
, 
CWE-98
, 
HIPAA-164.306(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
PCI v3.2-6.5.1
, 
WASC-5
, 
Critical
RequireJs Identified
RequireJs Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Resin Application Server Identified
Resin Application Server Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Respondjs Identified
Respondjs Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Restlet Framework Identified
Restlet Framework Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
RevealJs Identified
RevealJs Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Revive Adserver Detected
Revive Adserver Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Rickshaw Identified
Rickshaw Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
RiotJs Identified
RiotJs Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Roundcube Detected
Roundcube Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
RubyGems Identified
RubyGems Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Ruby on Rails File Content Disclosure (CVE-2019-5418)
Ruby on Rails File Content Disclosure (CVE-2019-5418)
CAPEC-252
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
, 
CWE-98
, 
HIPAA-164.306(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A4
, 
OWASP 2017-A5
, 
PCI v3.2-6.5.8
, 
WASC-33
, 
High
Ruby on Rails Identified
Ruby on Rails Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Rukovoditel Detected
Rukovoditel Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
Information
SailsJS Identified
SailsJS Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
SameSite Cookie Not Implemented
SameSite Cookie Not Implemented
CWE-16
, 
ISO27001-A.14.2.5
, 
WASC-15
, 
Best Practice
SameSite None Cookie Not Marked as Secure
SameSite None Cookie Not Marked as Secure
CWE-16
, 
ISO27001-A.14.2.5
, 
WASC-15
, 
Best Practice
SAML Consumer Service KeyInfo RetrievalMethod SSRF
SAML Consumer Service KeyInfo RetrievalMethod SSRF
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
, 
CWE-918
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
WASC-20
, 
Medium
SAML Consumer Service XSS Vulnerability
SAML Consumer Service XSS Vulnerability
CAPEC-19
, 
CWE-79
, 
HIPAA-164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A3
, 
OWASP 2017-A7
, 
PCI v3.2-6.5.7
, 
WASC-8
, 
Medium
SAML Response Signature Exclusion
SAML Response Signature Exclusion
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
, 
CWE-16
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-15
, 
High
SAML Response Without Signature
SAML Response Without Signature
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
, 
CWE-16
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-15
, 
High
Scheme URI Detected in Content Security Policy (CSP) Directive
Scheme URI Detected in Content Security Policy (CSP) Directive
ISO27001-A.14.2.5
, 
Information
ScrollReveal Identified
ScrollReveal Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Select2 Identified
Select2 Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
SemanticUI Identified
SemanticUI Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
SeoPanel Detected
SeoPanel Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Serendipity Detected
Serendipity Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Server-Side Request Forgery
Server-Side Request Forgery
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
, 
CWE-918
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
WASC-20
, 
Medium
Server-Side Request Forgery (Apache Server Status)
Server-Side Request Forgery (Apache Server Status)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
, 
CWE-918
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
High
Server-Side Request Forgery (AWS)
Server-Side Request Forgery (AWS)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
, 
CWE-918
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A5
, 
High
Server-Side Request Forgery (elmah)
Server-Side Request Forgery (elmah)
CAPEC-347
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-918
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
PCI v3.2-6.5.6
, 
WASC-15
, 
High
Server-Side Request Forgery (elmah MVC)
Server-Side Request Forgery (elmah MVC)
CAPEC-347
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-918
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
PCI v3.2-6.5.6
, 
WASC-15
, 
High
Server-Side Request Forgery (Equinix)
Server-Side Request Forgery (Equinix)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
, 
CWE-918
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Critical
Server-Side Request Forgery (MySQL)
Server-Side Request Forgery (MySQL)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
, 
CWE-918
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
High
Server-Side Request Forgery (Oracle Cloud)
Server-Side Request Forgery (Oracle Cloud)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
, 
CWE-918
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Critical
Server-Side Request Forgery (Packet Cloud)
Server-Side Request Forgery (Packet Cloud)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
, 
CWE-918
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Critical
Server-Side Request Forgery (SSH)
Server-Side Request Forgery (SSH)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
, 
CWE-918
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
High
Server-Side Request Forgery (Time Based)
Server-Side Request Forgery (Time Based)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
, 
CWE-918
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
WASC-20
, 
Medium
Server-Side Request Forgery (trace.axd)
Server-Side Request Forgery (trace.axd)
CAPEC-347
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-918
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
PCI v3.2-6.5.6
, 
WASC-15
, 
Critical
Server-Side Template Injection
Server-Side Template Injection
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
, 
CWE-74
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
PCI v3.2-6.5.1
, 
Critical
Server-Side Template Injection (ASP.NET Razor)
Server-Side Template Injection (ASP.NET Razor)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
, 
CWE-74
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
PCI v3.2-6.5.1
, 
Critical
Server-Side Template Injection (IAST)
Server-Side Template Injection (IAST)
CAPEC-66
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
, 
CWE-20
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
PCI v3.2-6.5.1
, 
WASC-19
, 
High
Server-Side Template Injection (Java FreeMarker)
Server-Side Template Injection (Java FreeMarker)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
, 
CWE-74
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
PCI v3.2-6.5.1
, 
Critical