Web Vulnerability & Security Check

Web Application Vulnerabilities Index

This page lists 144 vulnerabilities categorized as medium severity that can be detected by Invicti.

Select Category

Select Vulnerability

Vulnerability Name

Classification

Severity

Social Security Number Disclosure

Low

SonicWall SSL-VPN Server Identified

Information

Sortablejs Identified

Information

Source Code Disclosure (ASP.NET)

Medium

Source Code Disclosure (ColdFusion)

Medium

Source Code Disclosure (Generic)

Medium

Source Code Disclosure (JSP)

Medium

Source Code Disclosure (Java Servlet)

Medium

Source Code Disclosure (Java)

Medium

Source Code Disclosure (PHP)

Medium

Source Code Disclosure (Perl)

Medium

Source Code Disclosure (Python)

Medium

Source Code Disclosure (Ruby)

Medium

Source Code Disclosure (Tomcat)

Medium

Spring Boot Actuator Endpoint Detected

Medium

Spring Boot Misconfiguration: Actuator endpoint security disabled

Medium

Spring Boot Misconfiguration: Admin MBean enabled

Medium

Spring Boot Misconfiguration: All Spring Boot Actuator endpoints are web exposed

Medium

Spring Boot Misconfiguration: Datasource credentials stored in the properties file

Medium

Spring Boot Misconfiguration: Developer tools enabled on production

Medium

Spring Boot Misconfiguration: H2 console enabled

Medium

Spring Boot Misconfiguration: MongoDB credentials stored in the properties file

Medium

Spring Boot Misconfiguration: Overly long session timeout

Medium

Spring Boot Misconfiguration: Spring Boot Actuator shutdown endpoint is web exposed

Medium

Spring Boot Misconfiguration: Unsafe value for session tracking

Medium

Spring Framework Identified

Information

Spring Misconfiguration: HTML Escaping disabled

Medium

Squarespace Identified

Information

Squid Identified

Information

Stack Trace Disclosure (ASP.NET)

Low

Stack Trace Disclosure (Apache MyFaces)

Low

Stack Trace Disclosure (Apache Shiro)

Low

Stack Trace Disclosure (CakePHP Framework)

Low

Stack Trace Disclosure (CherryPy)

Low

Stack Trace Disclosure (ColdFusion)

Medium

Stack Trace Disclosure (Django)

Medium

Stack Trace Disclosure (Grails)

Low

Stack Trace Disclosure (GraphQL)

Low

Stack Trace Disclosure (Java)

Medium

Stack Trace Disclosure (Laravel)

Medium

Stack Trace Disclosure (Node.js)

Low

Stack Trace Disclosure (PHP)

Low

Stack Trace Disclosure (Python)

Medium

Stack Trace Disclosure (RoR)

Medium

Stack Trace Disclosure (Ruby-Sinatra Framework)

Medium

Static Nonce Identified in Content Security Policy (CSP)

Information

Stored Cross-site Scripting

High

Struts 2 Config Browser plugin enabled

Medium

Struts 2 Development Mode Enabled

Medium

Struts2 Development Mode Enabled

Low

Sublime SFTP Config File Detected

Medium

Subresource Integrity (SRI) Hash Invalid

Low

Subresource Integrity (SRI) Not Implemented

Best Practice

Sugar CRM Identified

Information

SwaggerUI Identified

Information

SweetAlert2 Identified

Information

TCExam Detected

Information

TLS/SSL Certificate Key Size Too Small

Medium

TRACE/TRACK Method Detected

Low

TS Web Access Identified

Information

Tableau Server Detected

Information

Taleo Web Server Identified

Information

Telerik Web UI Identified

Information

Test File Detected

Information

Text4Shell Remote Code Execution - (CVE-2022-42889)

Critical

ThreeJs Identified

Information

TinyMCE Identified

Information

Tomcat Identified

Information

TorchServe Management API Publicly Exposed

High

TorchServe Management API SSRF (CVE-2023-43654)

Critical

Tornado Web Server Identified

Information

Trac Software Project Management Tool Identified

Information

Trace.axd Detected

High

Tracy Debugging Identified

Information