Web Application Vulnerabilities Index

This page lists X vulnerabilities classified as OWASP 2013-A6 that can be detected by Invicti.

Select Category
Critical
High
Medium
Low
Best Practice
Information
Select Vulnerability
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Select Vulnerability
Vulnerability Name
Classification
Severity
Sensitive Data Exposure - Stripe API key
Sensitive Data Exposure - Stripe API key
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium
Sensitive Data Exposure - Symfony Application Secret
Sensitive Data Exposure - Symfony Application Secret
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium
Sensitive Data Exposure - Teams Webhook
Sensitive Data Exposure - Teams Webhook
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium
Sensitive Data Exposure - Telegram Bot API Token
Sensitive Data Exposure - Telegram Bot API Token
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium
Sensitive Data Exposure - Twilio API Key
Sensitive Data Exposure - Twilio API Key
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium
Sensitive Data Exposure - Twitter Access Token Secret
Sensitive Data Exposure - Twitter Access Token Secret
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium
Sensitive Data Exposure - Twitter API Secret Key
Sensitive Data Exposure - Twitter API Secret Key
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium
Sensitive Data Exposure - WordPress Authentication Key/Salt
Sensitive Data Exposure - WordPress Authentication Key/Salt
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium
Session Cookie Not Marked as Secure
Session Cookie Not Marked as Secure
CAPEC-102
, 
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
, 
CWE-614
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.10
, 
WASC-15
, 
Medium
Social Security Number Disclosure
Social Security Number Disclosure
CAPEC-118
, 
CWE-213
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.3
, 
WASC-13
, 
Low
SSL/TLS Not Implemented
SSL/TLS Not Implemented
CAPEC-217
, 
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
, 
CWE-311
, 
HIPAA-164.306
, 
ISO27001-A.14.1.3
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.4
, 
WASC-4
, 
Medium
Unknown Option Used In Referrer-Policy
Unknown Option Used In Referrer-Policy
CWE-200
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A6
, 
OWASP 2017-A6
, 
Information
Weak Basic Authentication Credentials
Weak Basic Authentication Credentials
CAPEC-16
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
, 
CWE-521
, 
ISO27001-A.9.4.3
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.10
, 
WASC-15
, 
High
Weak Ciphers Enabled
Weak Ciphers Enabled
CAPEC-217
, 
CWE-327
, 
ISO27001-A.14.1.3
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.4
, 
WASC-4
, 
Medium
Windows Username Disclosure
Windows Username Disclosure
CAPEC-118
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.5
, 
WASC-13
, 
Low