Web Application Vulnerabilities Index

This page lists 144 vulnerabilities categorized as medium severity that can be detected by Invicti.

Select Category
Critical
High
Medium
Low
Best Practice
Information
Select Vulnerability
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Vulnerability Name
Classification
Severity
DbNinja Detected
DbNinja Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Default Page Detected (Apache)
Default Page Detected (Apache)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
Information
Default Page Detected (CakePHP Framework)
Default Page Detected (CakePHP Framework)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
Information
Default Page Detected (IIS 10.0)
Default Page Detected (IIS 10.0)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
Information
Default Page Detected (IIS 6)
Default Page Detected (IIS 6)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
Information
Default Page Detected (IIS 7)
Default Page Detected (IIS 7)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
Information
Default Page Detected (IIS 7.5)
Default Page Detected (IIS 7.5)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
Information
Default Page Detected (IIS 7.X)
Default Page Detected (IIS 7.X)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
Information
Default Page Detected (IIS 8)
Default Page Detected (IIS 8)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
Information
Default Page Detected (IIS 8.5)
Default Page Detected (IIS 8.5)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
Information
Default Page Detected (Tomcat)
Default Page Detected (Tomcat)
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
Information
default-src Used in Content Security Policy (CSP)
default-src Used in Content Security Policy (CSP)
ISO27001-A.14.2.5
, 
Information
Denial of Service (MySQL)
Denial of Service (MySQL)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
, 
CWE-400
, 
ISO27001-A.14.1.2
, 
WASC-10
, 
Information
Deprecated Header Instruction Used to Implement Content Security Policy (CSP)
Deprecated Header Instruction Used to Implement Content Security Policy (CSP)
CWE-16
, 
ISO27001-A.14.2.5
, 
WASC-15
, 
Information
Digest Authorization Required
Digest Authorization Required
ISO27001-A.9.4.1
, 
Information
Directory Listing (Apache)
Directory Listing (Apache)
CAPEC-127
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-548
, 
ISO27001-A.9.4.1
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-16
, 
Information
Directory Listing (ASP.NET Server)
Directory Listing (ASP.NET Server)
CAPEC-127
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-548
, 
ISO27001-A.9.4.1
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-16
, 
Information
Directory Listing (IIS)
Directory Listing (IIS)
CAPEC-127
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-548
, 
ISO27001-A.9.4.1
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-16
, 
Information
Directory Listing (Lighttpd)
Directory Listing (Lighttpd)
CAPEC-127
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-548
, 
ISO27001-A.9.4.1
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-16
, 
Information
Directory Listing (LiteSpeed)
Directory Listing (LiteSpeed)
CAPEC-127
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-548
, 
ISO27001-A.9.4.1
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-16
, 
Information
Directory Listing (Nginx)
Directory Listing (Nginx)
CAPEC-127
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-548
, 
ISO27001-A.9.4.1
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-16
, 
Information
Directory Listing (Tomcat)
Directory Listing (Tomcat)
CAPEC-127
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-548
, 
ISO27001-A.9.4.1
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-16
, 
Information
Directory Listing (WebDAV)
Directory Listing (WebDAV)
CAPEC-127
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
, 
CWE-548
, 
ISO27001-A.9.4.1
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-16
, 
Information
Disabled X-XSS-Protection Header
Disabled X-XSS-Protection Header
CWE-693
, 
ISO27001-A.14.1.2
, 
WASC-15
, 
Information
Django Debug Mode Enabled
Django Debug Mode Enabled
CAPEC-214
, 
CWE-16
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
PCI v3.2-6.5.5
, 
WASC-14
, 
Low
Django Identified
Django Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Docker Cloud Stack File Detected
Docker Cloud Stack File Detected
CAPEC-118
, 
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-527
, 
ISO27001-A9.4.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Docker Compose File Detected
Docker Compose File Detected
CAPEC-118
, 
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-527
, 
ISO27001-A9.4.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Dockerfile Detected
Dockerfile Detected
CAPEC-118
, 
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-527
, 
ISO27001-A9.4.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
.dockerignore File Detected
.dockerignore File Detected
CAPEC-118
, 
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-527
, 
ISO27001-A9.4.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Dojo Identified
Dojo Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
DokuWiki Detected
DokuWiki Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Dolibarr Detected
Dolibarr Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Dolphin Detected
Dolphin Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
DomPurify Identified
DomPurify Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
DotClear Detected
DotClear Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
dotCMS Identified
dotCMS Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Drupal Core - Remote Code Execution (CVE-2019-6340)
Drupal Core - Remote Code Execution (CVE-2019-6340)
CAPEC-242
, 
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
, 
CWE-94
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
PCI v3.2-6.5.1
, 
Critical
Drupal Detected
Drupal Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
.DS_Store File Found
.DS_Store File Found
CWE-284
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A7
, 
OWASP 2017-A5
, 
PCI v3.2-6.5.8
, 
WASC-2
, 
Low
Dwr Identified
Dwr Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
e107 Detected
e107 Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
EasyXdm Identified
EasyXdm Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
EfJs Identified
EfJs Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Elgg Detected
Elgg Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Elmah.axd / Errorlog.axd Detected
Elmah.axd / Errorlog.axd Detected
CAPEC-347
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-16
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
PCI v3.2-6.5.6
, 
WASC-15
, 
High
Email Address Disclosure
Email Address Disclosure
CAPEC-118
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
, 
CWE-200
, 
ISO27001-A.9.4.1
, 
WASC-13
, 
Information
Ember Identified
Ember Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Error-Based MongoDB Injection
Error-Based MongoDB Injection
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
, 
CWE-943
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
PCI v3.2-6.5.1
, 
High
EspoCRM Detected
EspoCRM Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Exception Report Disclosure (Tomcat)
Exception Report Disclosure (Tomcat)
CAPEC-214
, 
CWE-248
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
PCI v3.2-6.5.5
, 
WASC-14
, 
Low
Expect-CT Header via HTTP
Expect-CT Header via HTTP
CWE-16
, 
ISO27001-A.14.1.2
, 
WASC-15
, 
Information
Expect-CT in Report Only Mode
Expect-CT in Report Only Mode
ISO27001-A.14.1.2
, 
Information
Expect-CT Not Enabled
Expect-CT Not Enabled
CWE-16
, 
ISO27001-A.14.1.2
, 
WASC-15
, 
Best Practice
Expect-CT Security Header Errors and Warnings
Expect-CT Security Header Errors and Warnings
CWE-16
, 
ISO27001-A.14.1.2
, 
WASC-15
, 
Information
Expired SSL Certificate
Expired SSL Certificate
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
, 
CWE-295
, 
OWASP 2017-A3
, 
Medium
Express Development Mode Is Enabled
Express Development Mode Is Enabled
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.9.4.1
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-14
, 
Medium
Express express-session Weak Secret Key Detected
Express express-session Weak Secret Key Detected
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
, 
CWE-200
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-14
, 
Medium
Expression Language Injection
Expression Language Injection
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
, 
CWE-20
, 
HIPAA-164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
PCI v3.2-6.5.1
, 
High
ExpressJS Identified
ExpressJS Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
ExtJs Identified
ExtJs Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
EZProxy Identified
EZProxy Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
F5 Big-IP Local File Inclusion (CVE-2020-5902)
F5 Big-IP Local File Inclusion (CVE-2020-5902)
CAPEC-252
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
, 
CWE-22
, 
HIPAA-164.306(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A4
, 
OWASP 2017-A5
, 
PCI v3.2-6.5.8
, 
WASC-33
, 
High
FabricJs Identified
FabricJs Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Family Connections Detected
Family Connections Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
FancyBox Identified
FancyBox Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
File Upload Functionality Detected
File Upload Functionality Detected
ISO27001-A.8.1.1
, 
Information
Fingerprintjs2 Identified
Fingerprintjs2 Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Flickity Identified
Flickity Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
FluxBB Detected
FluxBB Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Footablejs Identified
Footablejs Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Forbidden Resource
Forbidden Resource
ISO27001-A.8.1.1
, 
Information
Form Hijacking
Form Hijacking
CWE-20
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
WASC-20
, 
Low
Form Tools Detected
Form Tools Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information