Web Application Vulnerabilities Index

This page lists vulnerabilities categorized as Low severity that can be detected by Invicti.

Select Category
Critical
High
Medium
Low
Best Practice
Information
Select Vulnerability
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Vulnerability Name
Classification
Severity
Version Disclosure (Telerik Web UI)
Version Disclosure (Telerik Web UI)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (ThreeJs)
Version Disclosure (ThreeJs)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (TinyMCE)
Version Disclosure (TinyMCE)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (Tomcat)
Version Disclosure (Tomcat)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (Tornado)
Version Disclosure (Tornado)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (Trac Software Project Management Tool)
Version Disclosure (Trac Software Project Management Tool)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (Tracy Debugging Tool)
Version Disclosure (Tracy Debugging Tool)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (TwistedWeb HTTP Server)
Version Disclosure (TwistedWeb HTTP Server)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (Typeaheadjs)
Version Disclosure (Typeaheadjs)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (Typo3Cms)
Version Disclosure (Typo3Cms)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (UAParser.js)
Version Disclosure (UAParser.js)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (Underscorejs)
Version Disclosure (Underscorejs)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (Undertow Web Server)
Version Disclosure (Undertow Web Server)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (VanillaForums)
Version Disclosure (VanillaForums)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (Varnish)
Version Disclosure (Varnish)
CAPEC-224
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
WASC-45
, 
Low
Version Disclosure (Videojs)
Version Disclosure (Videojs)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (Vuejs)
Version Disclosure (Vuejs)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (W3 Total Cache)
Version Disclosure (W3 Total Cache)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (WebErp)
Version Disclosure (WebErp)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (WeBid)
Version Disclosure (WeBid)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (WebLogic)
Version Disclosure (WebLogic)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (WEBrick)
Version Disclosure (WEBrick)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (Werkzeug Python WSGI Library)
Version Disclosure (Werkzeug Python WSGI Library)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (WordPress)
Version Disclosure (WordPress)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (Xoops)
Version Disclosure (Xoops)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (XRegExp)
Version Disclosure (XRegExp)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (XWiki)
Version Disclosure (XWiki)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (YetiForceCrm)
Version Disclosure (YetiForceCrm)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (Yourls)
Version Disclosure (Yourls)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (Yui)
Version Disclosure (Yui)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (ZenCart)
Version Disclosure (ZenCart)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (ZenPhoto)
Version Disclosure (ZenPhoto)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (Zeptojs)
Version Disclosure (Zeptojs)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (Zikula)
Version Disclosure (Zikula)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Version Disclosure (Zope)
Version Disclosure (Zope)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
ViewState is not Encrypted
ViewState is not Encrypted
CWE-16
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-15
, 
Low
{{vulnName}}
{{vulnName}}
No items found.
Low
Windows Short Filename
Windows Short Filename
CAPEC-87
, 
CWE-538
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.8.2.3
, 
OWASP 2013-A7
, 
OWASP 2017-A6
, 
PCI v3.2-6.5.8
, 
WASC-34
, 
Low
Windows Username Disclosure
Windows Username Disclosure
CAPEC-118
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.5
, 
WASC-13
, 
Low
Wing FTP Anonymous access
Wing FTP Anonymous access
CWE-CWE-200
, 
Low
WordPress Plugin Akismet Spam Protection Version Disclosure
WordPress Plugin Akismet Spam Protection Version Disclosure
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
WordPress Plugin All-in-One WP Migration Version Disclosure
WordPress Plugin All-in-One WP Migration Version Disclosure
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
WordPress Plugin Backup Migration Version Disclosure
WordPress Plugin Backup Migration Version Disclosure
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
WordPress Plugin Classic Editor Version Disclosure
WordPress Plugin Classic Editor Version Disclosure
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
WordPress Plugin Contact Form 7 Version Disclosure
WordPress Plugin Contact Form 7 Version Disclosure
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
WordPress Plugin Contact Form by WPForms Version Disclosure
WordPress Plugin Contact Form by WPForms Version Disclosure
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
WordPress Plugin Elementor Website Builder Version Disclosure
WordPress Plugin Elementor Website Builder Version Disclosure
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
WordPress Plugin Jetpack Version Disclosure
WordPress Plugin Jetpack Version Disclosure
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
WordPress Plugin Jupiter X Core Version Disclosure
WordPress Plugin Jupiter X Core Version Disclosure
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
WordPress Plugin LiteSpeed Cache Version Disclosure
WordPress Plugin LiteSpeed Cache Version Disclosure
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
WordPress Plugin Login with Phone Number Version Disclosure
WordPress Plugin Login with Phone Number Version Disclosure
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
WordPress Plugin Really Simple SSL Version Disclosure
WordPress Plugin Really Simple SSL Version Disclosure
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
WordPress Plugin Smash Balloon Social Photo Feed Version Disclosure
WordPress Plugin Smash Balloon Social Photo Feed Version Disclosure
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
WordPress Plugin Ultimate Member Version Disclosure
WordPress Plugin Ultimate Member Version Disclosure
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
WordPress Plugin Updraft Plus Version Disclosure
WordPress Plugin Updraft Plus Version Disclosure
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
WordPress Plugin WooCommerce Version Disclosure
WordPress Plugin WooCommerce Version Disclosure
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
WordPress Plugin Wordfence Security Version Disclosure
WordPress Plugin Wordfence Security Version Disclosure
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
WordPress Plugin WordPress Importer Version Disclosure
WordPress Plugin WordPress Importer Version Disclosure
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
WordPress Plugin Yoast Duplicate Post Version Disclosure
WordPress Plugin Yoast Duplicate Post Version Disclosure
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
WordPress Plugin Yoast SEO Version Disclosure
WordPress Plugin Yoast SEO Version Disclosure
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
WordPress Theme Alishop Version Disclosure
WordPress Theme Alishop Version Disclosure
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
WordPress Theme Astra Version Disclosure
WordPress Theme Astra Version Disclosure
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
WordPress Theme Avesa Version Disclosure
WordPress Theme Avesa Version Disclosure
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
WordPress Theme Bosmarket Version Disclosure
WordPress Theme Bosmarket Version Disclosure
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
WordPress Theme Floris Version Disclosure
WordPress Theme Floris Version Disclosure
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
WordPress Theme Furniki Version Disclosure
WordPress Theme Furniki Version Disclosure
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
WordPress Theme Gaion Version Disclosure
WordPress Theme Gaion Version Disclosure
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
WordPress Theme GeneratePress Version Disclosure
WordPress Theme GeneratePress Version Disclosure
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
WordPress Theme Go Version Disclosure
WordPress Theme Go Version Disclosure
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
WordPress Theme GrShop Grocery Version Disclosure
WordPress Theme GrShop Grocery Version Disclosure
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
WordPress Theme Hello Elementor Version Disclosure
WordPress Theme Hello Elementor Version Disclosure
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
WordPress Theme HiStore Version Disclosure
WordPress Theme HiStore Version Disclosure
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
WordPress Theme Homevillas Real Estate Version Disclosure
WordPress Theme Homevillas Real Estate Version Disclosure
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
WordPress Theme Houskit Version Disclosure
WordPress Theme Houskit Version Disclosure
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low