Vulnerability Name
Classifications
Severity
Sensitive Data Exposure – Twitter Access Token Secret
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Medium
Sensitive Data Exposure – WordPress Authentication Key/Salt
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Medium
Express Development Mode Is Enabled
CWE-200, ISO27001-A.9.4.1, WASC-14, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Medium
Express express-session Weak Secret Key Detected
CWE-200, WASC-14, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
Medium
Version Disclosure (Varnish)
CAPEC-224, CWE-200, ISO27001-A.18.1.3, WASC-45
Low
Windows Username Disclosure
PCI v3.2-6.5.5, CAPEC-118, CWE-200, ISO27001-A.18.1.3, WASC-13, OWASP 2013-A6, OWASP 2017-A3
Low
Information Disclosure (Microsoft Office)
PCI v3.2-6.5.5, CAPEC-118, CWE-200, ISO27001-A.18.1.3, WASC-13
Low
Internal IP Address Disclosure
CWE-200, ISO27001-A.18.1.4, OWASP 2013-A6, OWASP 2017-A3
Low
Referrer-Policy Not Implemented
CWE-200, ISO27001-A.14.2.5, OWASP 2013-A6, OWASP 2017-A3
Best Practice
Json Web Key Set Disclosure
CAPEC-118, CWE-200, ISO27001-A.18.1.4, WASC-13
Information
OpenSearch.xml Detected
CWE-200, ISO27001-A.18.1.3
Information
Referrer-Policy Needs Proper Fallback
CWE-200, ISO27001-A.14.2.5, OWASP 2013-A6, OWASP 2017-A6
Information