Web Application Vulnerabilities Index

This page lists vulnerabilities categorized as Medium severity that can be detected by Invicti.

Select Category
Critical
High
Medium
Low
Best Practice
Information
Select Vulnerability
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Vulnerability Name
Classification
Severity
Active Mixed Content over HTTPS
Active Mixed Content over HTTPS
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
, 
CWE-319
, 
ISO27001-A.14.1.3
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
Medium
Anonymous Ciphers Supported
Anonymous Ciphers Supported
CAPEC-117
, 
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
, 
CWE-311
, 
ISO27001-A.14.1.3
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.4
, 
WASC-4
, 
Medium
Apache Server-Info Detected
Apache Server-Info Detected
CAPEC-347
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-16
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-14
, 
Medium
Apache Server-Status Detected
Apache Server-Status Detected
CAPEC-347
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-16
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-14
, 
Medium
ASP.NET Cookieless Authentication Is Enabled
ASP.NET Cookieless Authentication Is Enabled
CWE-16
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Medium
ASP.NET Cookieless Session State Is Enabled
ASP.NET Cookieless Session State Is Enabled
CWE-16
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Medium
ASP.NET CustomErrors Is Disabled
ASP.NET CustomErrors Is Disabled
CWE-16
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
Medium
ASP.NET: Failure To Require SSL For Authentication Cookies
ASP.NET: Failure To Require SSL For Authentication Cookies
CWE-16
, 
OWASP 2017-A6
, 
Medium
ASP.NET Login Credentials Stored In Plain Text
ASP.NET Login Credentials Stored In Plain Text
CWE-312
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
Medium
ASP.NET ValidateRequest Is Globally Disabled
ASP.NET ValidateRequest Is Globally Disabled
CWE-16
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Medium
Axis Development Mode Enabled in WEB-INF/server-config.wsdd
Axis Development Mode Enabled in WEB-INF/server-config.wsdd
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
, 
CWE-16
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Medium
Axis system configuration listing enabled in WEB-INF/server-config.wsdd
Axis system configuration listing enabled in WEB-INF/server-config.wsdd
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
, 
CWE-16
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Medium
Base Tag Hijacking
Base Tag Hijacking
CAPEC-19
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
, 
CWE-20
, 
HIPAA-164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A3
, 
OWASP 2017-A7
, 
PCI v3.2-6.5.7
, 
WASC-8
, 
Medium
B.R.E.A.C.H. Attack Detected
B.R.E.A.C.H. Attack Detected
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
, 
CWE-310
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
Medium
BREACH Attack Detected
BREACH Attack Detected
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
, 
CWE-310
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
Medium
Critical Form Send to HTTP
Critical Form Send to HTTP
CAPEC-65
, 
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
, 
CWE-319
, 
ISO27001-A.14.1.3
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.4
, 
WASC-4
, 
Medium
Critical Form Served over HTTP
Critical Form Served over HTTP
CAPEC-65
, 
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
, 
CWE-319
, 
ISO27001-A.14.1.3
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.4
, 
WASC-4
, 
Medium
Custom Error Pages Are Not Configured in WEB-INF/web.xml
Custom Error Pages Are Not Configured in WEB-INF/web.xml
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
, 
CWE-16
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Medium
CVS Detected
CVS Detected
CAPEC-118
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
, 
CWE-527
, 
ISO27001-A.9.4.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Medium
Expired SSL Certificate
Expired SSL Certificate
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
, 
CWE-295
, 
OWASP 2017-A3
, 
Medium
Express Development Mode Is Enabled
Express Development Mode Is Enabled
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.9.4.1
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-14
, 
Medium
Express express-session Weak Secret Key Detected
Express express-session Weak Secret Key Detected
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
, 
CWE-200
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-14
, 
Medium
Frame Injection
Frame Injection
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
, 
CWE-601
, 
HIPAA-164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
PCI v3.2-6.5.1
, 
WASC-38
, 
Medium
GIT Detected
GIT Detected
CAPEC-118
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-527
, 
ISO27001-A.9.4.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Medium
GraphiQL Explorer/Playground Enabled
GraphiQL Explorer/Playground Enabled
AV:N/AC:L/Au:N/C:P/I:N/A:N
, 
CWE-CWE-200
, 
Medium
GraphQL Alias Overloading Allowed: Potential Denial of Service Vulnerability
GraphQL Alias Overloading Allowed: Potential Denial of Service Vulnerability
AV:N/AC:L/Au:N/C:N/I:N/A:P
, 
CWE-CWE-400
, 
Medium
GraphQL Array-based Query Batching Allowed: Potential Batching Attack Vulnerability
GraphQL Array-based Query Batching Allowed: Potential Batching Attack Vulnerability
AV:N/AC:L/Au:N/C:P/I:P/A:P
, 
CWE-CWE-770
, 
Medium
GraphQL Circular-Query via Introspection Allowed: Potential DoS Vulnerability
GraphQL Circular-Query via Introspection Allowed: Potential DoS Vulnerability
AV:N/AC:L/Au:N/C:N/I:N/A:P
, 
CWE-CWE-400
, 
Medium
GraphQL Field Suggestions Enabled
GraphQL Field Suggestions Enabled
AV:N/AC:L/Au:N/C:P/I:N/A:N
, 
CWE-CWE-200
, 
Medium
GraphQL Introspection Query Enabled
GraphQL Introspection Query Enabled
AV:N/AC:L/Au:N/C:P/I:N/A:N
, 
CWE-CWE-200
, 
Medium
GraphQL Non-JSON Mutations over GET: Potential CSRF Vulnerability
GraphQL Non-JSON Mutations over GET: Potential CSRF Vulnerability
AV:N/AC:M/Au:N/C:P/I:P/A:N
, 
CWE-CWE-352
, 
Medium
GraphQL Non-JSON Queries over GET: Potential CSRF Vulnerability
GraphQL Non-JSON Queries over GET: Potential CSRF Vulnerability
AV:N/AC:M/Au:N/C:P/I:P/A:N
, 
CWE-CWE-352
, 
Medium
GraphQL Non-JSON Queries over POST: Potential CSRF Vulnerability
GraphQL Non-JSON Queries over POST: Potential CSRF Vulnerability
AV:N/AC:M/Au:N/C:P/I:P/A:N
, 
CWE-CWE-352
, 
Medium
GraphQL Unauthenticated Mutation Detected
GraphQL Unauthenticated Mutation Detected
AV:N/AC:L/Au:N/C:P/I:N/A:N
, 
CWE-CWE-306
, 
Medium
GraphQL Unhandled Error Leakage
GraphQL Unhandled Error Leakage
AV:N/AC:L/Au:N/C:P/I:N/A:N
, 
CWE-CWE-209
, 
Medium
HTTP Header Injection
HTTP Header Injection
CAPEC-105
, 
CWE-93
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
PCI v3.2-6.5.1
, 
WASC-24
, 
Medium
HTTP Header Injection (IAST)
HTTP Header Injection (IAST)
CAPEC-105
, 
CWE-93
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
PCI v3.2-6.5.1
, 
WASC-24
, 
Medium
HTTP Strict Transport Security (HSTS) Errors and Warnings
HTTP Strict Transport Security (HSTS) Errors and Warnings
CWE-16
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-15
, 
Medium
HTTP Strict Transport Security (HSTS) Policy Not Enabled
HTTP Strict Transport Security (HSTS) Policy Not Enabled
CAPEC-217
, 
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
, 
CWE-523
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
WASC-4
, 
Medium
Insecure HTTP Usage
Insecure HTTP Usage
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
, 
ISO27001-A.14.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A3
, 
WASC-4
, 
Medium
Invalid SSL Certificate
Invalid SSL Certificate
CAPEC-459
, 
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
, 
CWE-295
, 
ISO27001-A.14.1.3
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.4
, 
WASC-4
, 
Medium
JavaMelody Interface Detected
JavaMelody Interface Detected
CAPEC-347
, 
CWE-16
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-14
, 
Medium
Java Verb Tampering Via Misconfigured Security Constraint
Java Verb Tampering Via Misconfigured Security Constraint
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
, 
CWE-16
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Medium
JetBrains .idea Project Directory Detected
JetBrains .idea Project Directory Detected
CAPEC-118
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-285
, 
ISO27001-A9.4.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Medium
Microsoft Access Database File Detected
Microsoft Access Database File Detected
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
, 
CWE-285
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A7
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.8
, 
WASC-2
, 
Medium
Node.js Web Application does not handle uncaughtException
Node.js Web Application does not handle uncaughtException
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
, 
CWE-248
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-14
, 
Medium
Node.js Web Application does not handle unhandledRejection
Node.js Web Application does not handle unhandledRejection
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
, 
CWE-248
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-14
, 
Medium
Open Policy Crossdomain.xml Detected
Open Policy Crossdomain.xml Detected
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-16
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-15
, 
Medium
Open Redirection
Open Redirection
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
, 
CWE-601
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A10
, 
WASC-38
, 
Medium
Open Redirection (DOM based)
Open Redirection (DOM based)
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N
, 
CWE-601
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A10
, 
WASC-38
, 
Medium
Open Silverlight Client Access Policy
Open Silverlight Client Access Policy
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-16
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-15
, 
Medium
Overly Long Session Timeout
Overly Long Session Timeout
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
, 
CWE-16
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Medium
PAN-OS GlobalProtect XSS (CVE-2025-0133)
PAN-OS GlobalProtect XSS (CVE-2025-0133)
CWE-CWE-79
, 
Medium
Password Transmitted over Query String
Password Transmitted over Query String
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
, 
CWE-598
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.4
, 
WASC-13
, 
Medium
PHP enable_dl Is Enabled
PHP enable_dl Is Enabled
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
, 
CWE-16
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Medium
PHP register_globals Is Enabled
PHP register_globals Is Enabled
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
, 
CWE-473
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Medium
PHP session.use_only_cookies Is Disabled
PHP session.use_only_cookies Is Disabled
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
, 
CWE-598
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Medium
PHP session.use_trans_sid Is Enabled
PHP session.use_trans_sid Is Enabled
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
, 
CWE-598
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Medium
Revoked SSL Certificate
Revoked SSL Certificate
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
, 
CWE-295
, 
OWASP 2017-A3
, 
Medium
RSA Private Key Detected
RSA Private Key Detected
CAPEC-118
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
WASC-13
, 
Medium
SAML Consumer Service KeyInfo RetrievalMethod SSRF
SAML Consumer Service KeyInfo RetrievalMethod SSRF
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
, 
CWE-918
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
WASC-20
, 
Medium
SAML Consumer Service XSS Vulnerability
SAML Consumer Service XSS Vulnerability
CAPEC-19
, 
CWE-79
, 
HIPAA-164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A3
, 
OWASP 2017-A7
, 
PCI v3.2-6.5.7
, 
WASC-8
, 
Medium
Sensitive Data Exposure
Sensitive Data Exposure
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium
Sensitive Data Exposure - Amazon AWS Access Key Id
Sensitive Data Exposure - Amazon AWS Access Key Id
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium
Sensitive Data Exposure - Amazon AWS Secret Key
Sensitive Data Exposure - Amazon AWS Secret Key
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium
Sensitive Data Exposure - Amazon MWS Auth Token
Sensitive Data Exposure - Amazon MWS Auth Token
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium
Sensitive Data Exposure - Amazon SES SMTP Password
Sensitive Data Exposure - Amazon SES SMTP Password
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium
Sensitive Data Exposure - Consul Token
Sensitive Data Exposure - Consul Token
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium
Sensitive Data Exposure - Database Connection String - MongoDB - MySQL
Sensitive Data Exposure - Database Connection String - MongoDB - MySQL
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium
Sensitive Data Exposure - Database Connection String - PostgreSQL
Sensitive Data Exposure - Database Connection String - PostgreSQL
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium
Sensitive Data Exposure - Devise Secret Key
Sensitive Data Exposure - Devise Secret Key
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium
Sensitive Data Exposure - Facebook Access Token
Sensitive Data Exposure - Facebook Access Token
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium
Sensitive Data Exposure - Facebook App ID
Sensitive Data Exposure - Facebook App ID
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium
Sensitive Data Exposure - Facebook App Secret
Sensitive Data Exposure - Facebook App Secret
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium