Web Application Vulnerabilities Index

This page lists 144 vulnerabilities categorized as medium severity that can be detected by Invicti.

Select Category
Critical
High
Medium
Low
Best Practice
Information
Select Vulnerability
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Select Vulnerability
Vulnerability Name
Classification
Severity
Insecure JSONP Endpoint
Insecure JSONP Endpoint
CWE-20
, 
ISO27001-A.14.2.5
, 
WASC-15
, 
OWASP 2013-A5
, 
OWASP 2017-A1
, 
Low
Insecure Protocol Detected in Content Security Policy (CSP)
Insecure Protocol Detected in Content Security Policy (CSP)
CWE-319
, 
ISO27001-A.14.2.5
, 
Information
Insecure Reflected Content
Insecure Reflected Content
CWE-16
, 
ISO27001-A.14.2.5
, 
WASC-15
, 
OWASP 2013-A5
, 
OWASP 2017-A1
, 
Low
Insecure Transportation Security Protocol Supported (SSLv2)
Insecure Transportation Security Protocol Supported (SSLv2)
PCI v3.2-6.5.4
, 
CAPEC-217
, 
CWE-326
, 
HIPAA-164.306
, 
ISO27001-A.14.1.3
, 
WASC-4
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
, 
High
Insecure Transportation Security Protocol Supported (SSLv3)
Insecure Transportation Security Protocol Supported (SSLv3)
PCI v3.2-6.5.4
, 
CAPEC-217
, 
CWE-326
, 
HIPAA-164.306
, 
ISO27001-A.14.1.3
, 
WASC-4
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
, 
High
Insecure Transportation Security Protocol Supported (TLS 1.0)
Insecure Transportation Security Protocol Supported (TLS 1.0)
PCI v3.2-6.5.4
, 
CAPEC-217
, 
CWE-326
, 
HIPAA-164.306
, 
ISO27001-A.14.1.3
, 
WASC-4
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
High
Insecure Transportation Security Protocol Supported (TLS 1.1)
Insecure Transportation Security Protocol Supported (TLS 1.1)
PCI v3.2-6.5.4
, 
CAPEC-217
, 
CWE-326
, 
HIPAA-164.306
, 
ISO27001-A.14.1.3
, 
WASC-4
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
Low
Insecure Usage of Version 1 GUID
Insecure Usage of Version 1 GUID
CWE-328
, 
OWASP 2013-A9
, 
OWASP 2017-A3
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:N
, 
Information
Installation File Detected
Installation File Detected
PCI v3.2-6.5.8
, 
CAPEC-87
, 
CWE-425
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
WASC-34
, 
OWASP 2013-A7
, 
OWASP 2017-A5
, 
Information
Intermediate Certificate is Signed Using a Weak Signature Algorithm
Intermediate Certificate is Signed Using a Weak Signature Algorithm
CAPEC-459
, 
ISO27001-A.10
, 
WASC-4
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
Information
Internal IP Address Disclosure
Internal IP Address Disclosure
CWE-200
, 
ISO27001-A.18.1.4
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
Low
Internal Path Disclosure (*nix)
Internal Path Disclosure (*nix)
CAPEC-118
, 
CWE-200
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.9.4.1
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
Internal Path Disclosure (Windows)
Internal Path Disclosure (Windows)
CAPEC-118
, 
CWE-200
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.8.1.1
, 
WASC-13
, 
Information
Internal Server Error
Internal Server Error
CWE-550
, 
ISO27001-A.14.1.2
, 
WASC-13
, 
Low
Introjs Identified
Introjs Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
Invalid Content Security Policy (CSP) Directive Identified in meta Elements
Invalid Content Security Policy (CSP) Directive Identified in meta Elements
CWE-16
, 
ISO27001-A.14.2.5
, 
WASC-15
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Information
Invalid SSL Certificate
Invalid SSL Certificate
PCI v3.2-6.5.4
, 
CAPEC-459
, 
CWE-295
, 
ISO27001-A.14.1.3
, 
WASC-4
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
, 
Medium
IonRangeSlider Identified
IonRangeSlider Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
Ivanti ICS and IPS Command Injection - CVE-2024-21887
Ivanti ICS and IPS Command Injection - CVE-2024-21887
PCI v3.2-6.5.1
, 
CAPEC-88
, 
CWE-78
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
WASC-31
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
, 
Critical
Java Identified
Java Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
Information
JavaMelody Interface Detected
JavaMelody Interface Detected
CAPEC-347
, 
CWE-16
, 
ISO27001-A.18.1.3
, 
WASC-14
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Medium
JavaScriptCookie Identified
JavaScriptCookie Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
Java Servlet Identified
Java Servlet Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
Information
Java Verb Tampering Via Misconfigured Security Constraint
Java Verb Tampering Via Misconfigured Security Constraint
CWE-16
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
, 
Medium
JBoss Application Server Identified
JBoss Application Server Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
Information
JBoss Core Services Identified
JBoss Core Services Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
Information
JBoss Enterprise Application Platform Identified
JBoss Enterprise Application Platform Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
Information
JBoss Web Console JMX Invoker
JBoss Web Console JMX Invoker
CWE-200
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
, 
High
Jenkins Identified
Jenkins Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
Information
JetBrains .idea Project Directory Detected
JetBrains .idea Project Directory Detected
CAPEC-118
, 
CWE-285
, 
ISO27001-A9.4.5
, 
WASC-13
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
Medium
Jetty Web Server Identified
Jetty Web Server Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
Information
Jolokia Identified
Jolokia Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
Information
Joomla Detected
Joomla Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
jPlayer Identified
jPlayer Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
jQuery Identified
jQuery Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
JqueryMask Identified
JqueryMask Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
jQueryMigrate Identified
jQueryMigrate Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
jQueryMobile Identified
jQueryMobile Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
JQuery placeholder.js Identified
JQuery placeholder.js Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
jQueryUiAutocomplete Identified
jQueryUiAutocomplete Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
jQueryUiDialog Identified
jQueryUiDialog Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
jQueryUiTooltip Identified
jQueryUiTooltip Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
JqueryValidation Identified
JqueryValidation Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
Json Web Key Set Disclosure
Json Web Key Set Disclosure
CAPEC-118
, 
CWE-200
, 
ISO27001-A.18.1.4
, 
WASC-13
, 
Information
JSP Identified
JSP Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
Information
JsTree Identified
JsTree Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
jszip Identified
jszip Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
JWT Detected
JWT Detected
CWE-205
, 
Information
JWT Forgery via Chaining Jku Parameter with Open Redirect
JWT Forgery via Chaining Jku Parameter with Open Redirect
CWE-347
, 
OWASP 2017-A2
, 
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
, 
High
JWT Forgery via Path Traversal
JWT Forgery via Path Traversal
CWE-22
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
, 
High
JWT Forgery via SQL Injection
JWT Forgery via SQL Injection
CWE-89
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
, 
High
JWT Forgery via unvalidated jku parameter
JWT Forgery via unvalidated jku parameter
CWE-639
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
, 
High
JWT kid Parameter Out of Band Command Injection
JWT kid Parameter Out of Band Command Injection
PCI v3.2-6.5.1
, 
CAPEC-88
, 
CWE-78
, 
ISO27001-A.14.2.5
, 
WASC-31
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
, 
Critical
JWT Signature Bypass via None Algorithm
JWT Signature Bypass via None Algorithm
CWE-287
, 
OWASP 2017-A2
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
, 
High
JWT Signature is not Verified
JWT Signature is not Verified
CWE-287
, 
OWASP 2017-A2
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
, 
High
Kestrel Detected
Kestrel Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
Knockoutjs Identified
Knockoutjs Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
KnockoutMapping Identified
KnockoutMapping Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
Kong Identified
Kong Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
Information
Laravel Debug Mode Enabled
Laravel Debug Mode Enabled
PCI v3.2-6.5.5
, 
CAPEC-214
, 
CWE-16
, 
ISO27001-A.14.1.2
, 
WASC-14
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Low
Laravel Environment Configuration File Detected
Laravel Environment Configuration File Detected
CWE-285
, 
ISO27001-A.9.4.1
, 
WASC-15
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Low
Lazyjs Identified
Lazyjs Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
LDAP Injection (IAST)
LDAP Injection (IAST)
PCI v3.2-6.5.1
, 
CAPEC-66
, 
CWE-89
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
WASC-19
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
, 
Critical
Leaflet Identified
Leaflet Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
Liferay Digital Experience Platform Detected
Liferay Digital Experience Platform Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
Liferay Portal Detected
Liferay Portal Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
Lightbox Identified
Lightbox Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
Lighthouse Identified
Lighthouse Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
Information
Lighttpd Identified
Lighttpd Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
Information
LimeSurvey Detected
LimeSurvey Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
ListJs Identified
ListJs Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
LiteSpeed Web Server Identified
LiteSpeed Web Server Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
Information
Local File Inclusion
Local File Inclusion
PCI v3.2-6.5.8
, 
CAPEC-252
, 
CWE-22
, 
HIPAA-164.306(a)
, 
ISO27001-A.14.2.5
, 
WASC-33
, 
OWASP 2013-A4
, 
OWASP 2017-A5
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
, 
High
Local File Inclusion (IAST)
Local File Inclusion (IAST)
PCI v3.2-6.5.8
, 
CAPEC-252
, 
CWE-22
, 
HIPAA-164.306(a)
, 
ISO27001-A.14.2.5
, 
WASC-33
, 
OWASP 2013-A4
, 
OWASP 2017-A5
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
, 
High