Web Application Vulnerabilities Index

This page lists vulnerabilities categorized as Information severity that can be detected by Invicti.

Select Category
Critical
High
Medium
Low
Best Practice
Information
Select Vulnerability
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Vulnerability Name
Classification
Severity
Cloudflare Identified
Cloudflare Identified
CWE-205
, 
ISO27001-A14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Collabtive Detected
Collabtive Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Concrete5 Detected
Concrete5 Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Configuration File Detected
Configuration File Detected
CAPEC-87
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
, 
CWE-425
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A7
, 
OWASP 2017-A5
, 
PCI v3.2-6.5.8
, 
WASC-34
, 
Information
contao Detected
contao Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Content Security Policy (CSP) Contains Out of Scope report-uri Domain
Content Security Policy (CSP) Contains Out of Scope report-uri Domain
ISO27001-A.14.2.5
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
Information
Content Security Policy (CSP) Keywords Not Used Within Single Quotes
Content Security Policy (CSP) Keywords Not Used Within Single Quotes
CWE-16
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-15
, 
Information
Content Security Policy (CSP) Nonce Value Not Used Within Single Quotes
Content Security Policy (CSP) Nonce Value Not Used Within Single Quotes
CWE-16
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-15
, 
Information
Content Security Policy (CSP) Nonce Without Matching Script Block
Content Security Policy (CSP) Nonce Without Matching Script Block
CWE-16
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-15
, 
Information
Content Security Policy (CSP) report-uri Uses HTTP
Content Security Policy (CSP) report-uri Uses HTTP
ISO27001-A.14.2.5
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
Information
Content-Security-Policy-Report-Only Cannot Be Declared Between META Tags
Content-Security-Policy-Report-Only Cannot Be Declared Between META Tags
CWE-16
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-15
, 
Information
Content-Security-Policy-Report-Only Cannot Be Declared Without report-uri Directive
Content-Security-Policy-Report-Only Cannot Be Declared Without report-uri Directive
CWE-16
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-15
, 
Information
cookieconsent2 Detected
cookieconsent2 Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Coppermine Detected
Coppermine Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Cowboy HTTP Server Identified
Cowboy HTTP Server Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Craft CMS Identified
Craft CMS Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Credit Card Disclosure
Credit Card Disclosure
CAPEC-118
, 
CWE-213
, 
ISO27001-A.18.1.4
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.3
, 
WASC-13
, 
Information
Crossdomain.xml Detected
Crossdomain.xml Detected
ISO27001-A.12.5.1
, 
Information
Cross-site Referrer Leakage through usage of no-referrer-when-downgrade in Referrer-Policy
Cross-site Referrer Leakage through usage of no-referrer-when-downgrade in Referrer-Policy
CWE-200
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A6
, 
OWASP 2017-A6
, 
Information
Cross-site Referrer Leakage through usage of origin-when-cross-origin in Referrer-Policy
Cross-site Referrer Leakage through usage of origin-when-cross-origin in Referrer-Policy
CWE-200
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A6
, 
OWASP 2017-A6
, 
Information
Cross-site Referrer Leakage through usage of strict-origin in Referrer-Policy
Cross-site Referrer Leakage through usage of strict-origin in Referrer-Policy
CWE-200
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A6
, 
OWASP 2017-A6
, 
Information
Cross-site Referrer Leakage through usage of strict-origin-when-cross-origin in Referrer-Policy
Cross-site Referrer Leakage through usage of strict-origin-when-cross-origin in Referrer-Policy
CWE-200
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A6
, 
OWASP 2017-A6
, 
Information
Cross-site Referrer Leakage through usage of the origin keyword in Referrer-Policy
Cross-site Referrer Leakage through usage of the origin keyword in Referrer-Policy
CWE-200
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A6
, 
OWASP 2017-A6
, 
Information
Cross-site Referrer Leakage through usage of unsafe-url in Referrer-Policy
Cross-site Referrer Leakage through usage of unsafe-url in Referrer-Policy
CWE-200
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A6
, 
OWASP 2017-A6
, 
Information
CrushFTP Server Detected
CrushFTP Server Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
CubeCart Detected
CubeCart Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
D3Js Identified
D3Js Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Daiquiri Detected
Daiquiri Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Database Connection String Detected
Database Connection String Detected
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
, 
CWE-16
, 
HIPAA-164.306(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A3
, 
WASC-15
, 
Information
Database Detected (HSQLDB)
Database Detected (HSQLDB)
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Database Detected (Microsoft Access)
Database Detected (Microsoft Access)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Database Detected (Microsoft SQL Server)
Database Detected (Microsoft SQL Server)
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Database Detected (MongoDB)
Database Detected (MongoDB)
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Database Detected (MySQL)
Database Detected (MySQL)
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Database Detected (Oracle)
Database Detected (Oracle)
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Database Detected (PostgreSQL)
Database Detected (PostgreSQL)
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Database Detected (SQLite)
Database Detected (SQLite)
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
DataDome Identified
DataDome Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
DataTables Identified
DataTables Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
data: Used in a Content Security Policy (CSP) Directive
data: Used in a Content Security Policy (CSP) Directive
ISO27001-A.14.2.5
, 
Information
DbNinja Detected
DbNinja Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Default Page Detected (Apache)
Default Page Detected (Apache)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
Information
Default Page Detected (CakePHP Framework)
Default Page Detected (CakePHP Framework)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
Information
Default Page Detected (IIS 10.0)
Default Page Detected (IIS 10.0)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
Information
Default Page Detected (IIS 6)
Default Page Detected (IIS 6)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
Information
Default Page Detected (IIS 7)
Default Page Detected (IIS 7)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
Information
Default Page Detected (IIS 7.5)
Default Page Detected (IIS 7.5)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
Information
Default Page Detected (IIS 7.X)
Default Page Detected (IIS 7.X)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
Information
Default Page Detected (IIS 8)
Default Page Detected (IIS 8)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
Information
Default Page Detected (IIS 8.5)
Default Page Detected (IIS 8.5)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
Information
Default Page Detected (Tomcat)
Default Page Detected (Tomcat)
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
Information
default-src Used in Content Security Policy (CSP)
default-src Used in Content Security Policy (CSP)
ISO27001-A.14.2.5
, 
Information
Denial of Service (MySQL)
Denial of Service (MySQL)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
, 
CWE-400
, 
ISO27001-A.14.1.2
, 
WASC-10
, 
Information
Deprecated Header Instruction Used to Implement Content Security Policy (CSP)
Deprecated Header Instruction Used to Implement Content Security Policy (CSP)
CWE-16
, 
ISO27001-A.14.2.5
, 
WASC-15
, 
Information
Digest Authorization Required
Digest Authorization Required
ISO27001-A.9.4.1
, 
Information
Directory Listing (Apache)
Directory Listing (Apache)
CAPEC-127
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-548
, 
ISO27001-A.9.4.1
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-16
, 
Information
Directory Listing (ASP.NET Server)
Directory Listing (ASP.NET Server)
CAPEC-127
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-548
, 
ISO27001-A.9.4.1
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-16
, 
Information
Directory Listing (IIS)
Directory Listing (IIS)
CAPEC-127
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-548
, 
ISO27001-A.9.4.1
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-16
, 
Information
Directory Listing (Lighttpd)
Directory Listing (Lighttpd)
CAPEC-127
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-548
, 
ISO27001-A.9.4.1
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-16
, 
Information
Directory Listing (LiteSpeed)
Directory Listing (LiteSpeed)
CAPEC-127
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-548
, 
ISO27001-A.9.4.1
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-16
, 
Information
Directory Listing (Nginx)
Directory Listing (Nginx)
CAPEC-127
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-548
, 
ISO27001-A.9.4.1
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-16
, 
Information
Directory Listing (Tomcat)
Directory Listing (Tomcat)
CAPEC-127
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-548
, 
ISO27001-A.9.4.1
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-16
, 
Information
Directory Listing (WebDAV)
Directory Listing (WebDAV)
CAPEC-127
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
, 
CWE-548
, 
ISO27001-A.9.4.1
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-16
, 
Information
Django Identified
Django Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Dojo Identified
Dojo Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
DokuWiki Detected
DokuWiki Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Dolibarr Detected
Dolibarr Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Dolphin Detected
Dolphin Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
DomPurify Identified
DomPurify Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
DotClear Detected
DotClear Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
dotCMS Identified
dotCMS Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Drupal Detected
Drupal Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Dwr Identified
Dwr Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
e107 Detected
e107 Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information