Web Application Vulnerabilities Index

This page lists 144 vulnerabilities categorized as medium severity that can be detected by Invicti.

Select Category
Critical
High
Medium
Low
Best Practice
Information
Select Vulnerability
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Select Vulnerability
Vulnerability Name
Classification
Severity
aah Go Server Identified
aah Go Server Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
AbanteCart Detected
AbanteCart Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
actionhero.js Identified
actionhero.js Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Active Mixed Content over HTTPS
Active Mixed Content over HTTPS
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
, 
CWE-319
, 
ISO27001-A.14.1.3
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
Medium
ActiveMQ - Remote Code Execution (CVE-2023-46604)
ActiveMQ - Remote Code Execution (CVE-2023-46604)
CAPEC-242
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
, 
CWE-94
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
PCI v3.2-6.5.1
, 
Critical
Adminer Detected
Adminer Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Administration Page Detected
Administration Page Detected
CAPEC-87
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
, 
CWE-425
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.9.4.1
, 
OWASP 2013-A7
, 
OWASP 2017-A5
, 
PCI v3.2-6.5.8
, 
WASC-34
, 
Information
Adobe Commerce/Magento "SessionReaper" RCE (CVE-2025-54236)
Adobe Commerce/Magento "SessionReaper" RCE (CVE-2025-54236)
CWE-CWE-20
, 
Critical
AEM Detected
AEM Detected
CWE-205
, 
ISO27001-A14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Ampache Detected
Ampache Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Angular Identified
Angular Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Angularjs Identified
Angularjs Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Anonymous Ciphers Supported
Anonymous Ciphers Supported
CAPEC-117
, 
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
, 
CWE-311
, 
ISO27001-A.14.1.3
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.4
, 
WASC-4
, 
Medium
An Unsafe Content Security Policy (CSP) Directive in Use
An Unsafe Content Security Policy (CSP) Directive in Use
CWE-16
, 
ISO27001-A.14.2.5
, 
WASC-15
, 
Information
Apache Coyote Identified
Apache Coyote Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Apache Module Identified
Apache Module Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Apache Multiple Choices Enabled
Apache Multiple Choices Enabled
CWE-16
, 
ISO27001-A.9.4.1
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-14
, 
Low
Apache MultiViews Enabled
Apache MultiViews Enabled
CWE-16
, 
ISO27001-A.9.4.1
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-14
, 
Low
Apache OFBiz Authentication Bypass (CVE-2023-51467)
Apache OFBiz Authentication Bypass (CVE-2023-51467)
CWE-CWE-287
, 
Critical
Apache OFBiz Log4Shell RCE
Apache OFBiz Log4Shell RCE
CWE-CWE-78
, 
High
Apache OFBiz RCE (CVE-2024-32113/CVE-2024-36104/CVE-2024-38856)
Apache OFBiz RCE (CVE-2024-32113/CVE-2024-36104/CVE-2024-38856)
CWE-CWE-22
, 
Critical
Apache OFBiz RCE (CVE-2024-45195)
Apache OFBiz RCE (CVE-2024-45195)
CWE-CWE-425
, 
Critical
Apache OFBiz SOAPService Deserialization RCE
Apache OFBiz SOAPService Deserialization RCE
AV:N/AC:M/Au:N/C:C/I:C/A:C
, 
CWE-CWE-502
, 
High
Apache OFBiz SSRF (CVE-2023-50968)
Apache OFBiz SSRF (CVE-2023-50968)
CWE-CWE-918
, 
High
Apache OFBiz SSRF (CVE-2024-45507)
Apache OFBiz SSRF (CVE-2024-45507)
CWE-CWE-918
, 
Critical
Apache OFBiz XMLRPC Deserialization RCE (CVE-2020-9496/CVE-2023-49070)
Apache OFBiz XMLRPC Deserialization RCE (CVE-2020-9496/CVE-2023-49070)
AV:N/AC:M/Au:N/C:N/I:P/A:N
, 
CWE-CWE-502
, 
High
Apache Server-Info Detected
Apache Server-Info Detected
CAPEC-347
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-16
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-14
, 
Medium
Apache Server-Status Detected
Apache Server-Status Detected
CAPEC-347
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-16
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-14
, 
Medium
Apache Shiro Identified
Apache Shiro Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Apache Struts Path traversal (S2-067/CVE-2024-53677, S2-066/CVE-2023-50164)
Apache Struts Path traversal (S2-067/CVE-2024-53677, S2-066/CVE-2023-50164)
CWE-CWE-434
, 
Critical
Apache Traffic Server Identified
Apache Traffic Server Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Apache Web Server Identified
Apache Web Server Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Apple’s App-Site Association (AASA) Detected
Apple’s App-Site Association (AASA) Detected
ISO27001-A.18.1.3
, 
Information
Arbitrary File Creation Detected
Arbitrary File Creation Detected
CWE-20
, 
OWASP 2017-A5
, 
High
Arbitrary File Deletion Detected
Arbitrary File Deletion Detected
CWE-20
, 
OWASP 2017-A5
, 
High
Artifactory DevOps Solution Identified
Artifactory DevOps Solution Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
ASP.NET Cookieless Authentication Is Enabled
ASP.NET Cookieless Authentication Is Enabled
CWE-16
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Medium
ASP.NET Cookieless Session State Is Enabled
ASP.NET Cookieless Session State Is Enabled
CWE-16
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Medium
ASP.NET CustomErrors Is Disabled
ASP.NET CustomErrors Is Disabled
CWE-16
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
Medium
ASP.NET Debugging Enabled
ASP.NET Debugging Enabled
CWE-16
, 
ISO27001-A.9.4.1
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-14
, 
Information
ASP.NET: Failure To Require SSL For Authentication Cookies
ASP.NET: Failure To Require SSL For Authentication Cookies
CWE-16
, 
OWASP 2017-A6
, 
Medium
ASP.NET Identified
ASP.NET Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
ASP.NET Login Credentials Stored In Plain Text
ASP.NET Login Credentials Stored In Plain Text
CWE-312
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
Medium
ASP.NET MVC Identified
ASP.NET MVC Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
AspNetSignalR Identified
AspNetSignalR Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
ASP.NET Tracing Is Enabled
ASP.NET Tracing Is Enabled
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
, 
CWE-11
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
High
ASP.NET ValidateRequest Is Globally Disabled
ASP.NET ValidateRequest Is Globally Disabled
CWE-16
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Medium
ASP.NET ViewStateUserKey Is Not Set
ASP.NET ViewStateUserKey Is Not Set
CWE-16
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Low
Atlassian Confluence Identified
Atlassian Confluence Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Atlassian Jira Identified
Atlassian Jira Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Atlassian Proxy Identified
Atlassian Proxy Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
ATutor Detected
ATutor Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Authentication Bypass in Fortra's GoAnywhere MFT (CVE-2024-0204)
Authentication Bypass in Fortra's GoAnywhere MFT (CVE-2024-0204)
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
, 
CWE-425
, 
HIPAA-164.306(a)
, 
ISO27001-A.13.1.1
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
PCI v3.2-6.5.1
, 
WASC-1
, 
High
Authentication Bypass in Ivanti Connect Secure and Policy Secure (CVE-2023-46805)
Authentication Bypass in Ivanti Connect Secure and Policy Secure (CVE-2023-46805)
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
, 
CWE-287
, 
HIPAA-164.306(a)
, 
ISO27001-A.13.1.1
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
PCI v3.2-6.5.1
, 
WASC-1
, 
High
Authorization Required
Authorization Required
ISO27001-A.9.4.1
, 
Information
Autocomplete Enabled (Password Field)
Autocomplete Enabled (Password Field)
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
, 
CWE-16
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-15
, 
Information
Autocomplete is Enabled
Autocomplete is Enabled
CWE-16
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-15
, 
Low
AWS Dockerrun Configuration File Detected
AWS Dockerrun Configuration File Detected
CAPEC-118
, 
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-527
, 
ISO27001-A9.4.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
AWStats Detected
AWStats Detected
CAPEC-224
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-45
, 
Information
Axios Identified
Axios Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Axis Development Mode Enabled in WEB-INF/server-config.wsdd
Axis Development Mode Enabled in WEB-INF/server-config.wsdd
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
, 
CWE-16
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Medium
Axis system configuration listing enabled in WEB-INF/server-config.wsdd
Axis system configuration listing enabled in WEB-INF/server-config.wsdd
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
, 
CWE-16
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Medium
Axway Secure Transport Detected
Axway Secure Transport Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
Information
Axway SecureTransport Server Identified
Axway SecureTransport Server Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
b2evolution Detected
b2evolution Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Backbonejs Identified
Backbonejs Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Backup File Disclosure
Backup File Disclosure
CAPEC-87
, 
CWE-530
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A7
, 
OWASP 2017-A5
, 
PCI v3.2-6.5.8
, 
WASC-34
, 
Low
Backup Source Code Detected
Backup Source Code Detected
CAPEC-87
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
, 
CWE-530
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A7
, 
OWASP 2017-A5
, 
PCI v3.2-6.5.8
, 
WASC-34
, 
High
Base Tag Hijacking
Base Tag Hijacking
CAPEC-19
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
, 
CWE-20
, 
HIPAA-164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A3
, 
OWASP 2017-A7
, 
PCI v3.2-6.5.7
, 
WASC-8
, 
Medium
Bash Command Injection Vulnerability (Shellshock Bug)
Bash Command Injection Vulnerability (Shellshock Bug)
CAPEC-88
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C
, 
CWE-78
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A9
, 
PCI v3.2-6.5.1
, 
WASC-31
, 
Critical
Basic Authorization over HTTP
Basic Authorization over HTTP
CAPEC-65
, 
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
, 
CWE-319
, 
ISO27001-A.14.1.3
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.4
, 
WASC-4
, 
High
Basic Authorization Required
Basic Authorization Required
ISO27001-A.9.4.1
, 
Information
BitNinja Captcha Server Identified
BitNinja Captcha Server Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Blind Command Injection
Blind Command Injection
CAPEC-88
, 
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
, 
CWE-78
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
PCI v3.2-6.5.1
, 
WASC-31
, 
Critical