Web Application Vulnerabilities Index
This page lists 144 vulnerabilities categorized as medium severity that can be detected by Invicti.
| Vulnerability Name | Severity |
| --- | --- |
| Code Execution via SSTI (Python Mako) | Critical |
| Code Execution via SSTI (Python Tornado) | Critical |
| Code Execution via SSTI (Ruby ERB) | Critical |
| Code Execution via SSTI (Ruby Slim) | Critical |
| Code Execution via WebDAV | Critical |
| Collabtive Detected | Information |
| Command Injection | Critical |
| Command Injection (IAST) | Critical |
| Concrete5 Detected | Information |
| Configuration File Detected | Information |
| Content Security Policy (CSP) Contains Out of Scope report-uri Domain | Information |
| Content Security Policy (CSP) Keywords Not Used Within Single Quotes | Information |
| Content Security Policy (CSP) Nonce Value Not Used Within Single Quotes | Information |
| Content Security Policy (CSP) Nonce Without Matching Script Block | Information |
| Content Security Policy (CSP) Not Implemented | Best Practice |
| Content Security Policy (CSP) report-uri Uses HTTP | Information |
| Content-Security-Policy-Report-Only Cannot Be Declared Between META Tags | Information |
| Content-Security-Policy-Report-Only Cannot Be Declared Without report-uri Directive | Information |
| Cookie Not Marked as HttpOnly | Low |
| Cookie Not Marked as Secure | Low |
| Cookie Values Used in Anti-CSRF Token | Low |
| Coppermine Detected | Information |
| Cowboy HTTP Server Identified | Information |
| Craft CMS Identified | Information |
| Credit Card Disclosure | Information |
| Critical Form Send to HTTP | Medium |
| Critical Form Served over HTTP | Medium |
| Cross-site Referrer Leakage through usage of no-referrer-when-downgrade in Referrer-Policy | Information |
| Cross-site Referrer Leakage through usage of origin-when-cross-origin in Referrer-Policy | Information |
| Cross-site Referrer Leakage through usage of strict-origin in Referrer-Policy | Information |
| Cross-site Referrer Leakage through usage of strict-origin-when-cross-origin in Referrer-Policy | Information |
| Cross-site Referrer Leakage through usage of the origin keyword in Referrer-Policy | Information |
| Cross-site Referrer Leakage through usage of unsafe-url in Referrer-Policy | Information |
| Cross-site Request Forgery | Low |
| Cross-site Request Forgery in Login Form | Low |
| Cross-site Scripting | High |
| Cross-site Scripting (DOM based) | High |
| Cross-site Scripting via File Upload | High |
| Cross-site Scripting via Remote File Inclusion | High |
| Crossdomain.xml Detected | Information |
| CrushFTP Server Detected | Information |
| CubeCart Detected | Information |
| Custom Error Pages Are Not Configured in WEB-INF/web.xml | Medium |
| D3Js Identified | Information |
| Daiquiri Detected | Information |
| DataDome Identified | Information |
| DataTables Identified | Information |
| Database Connection String Detected | Information |
| Database Detected (HSQLDB) | Information |
| Database Detected (Microsoft Access) | Information |
| Database Detected (Microsoft SQL Server) | Information |
| Database Detected (MongoDB) | Information |
| Database Detected (MySQL) | Information |
| Database Detected (Oracle) | Information |
| Database Detected (PostgreSQL) | Information |
| Database Detected (SQLite) | Information |
| Database Error Message Disclosure | Low |
| Database Name Disclosure (Microsoft SQL Server) | Low |
| Database Name Disclosure (MySQL) | Low |
| Database User Has Admin Privileges | High |
| DbNinja Detected | Information |
| Default Page Detected (Apache) | Information |
| Default Page Detected (CakePHP Framework) | Information |
| Default Page Detected (IIS 10.0) | Information |
| Default Page Detected (IIS 6) | Information |
| Default Page Detected (IIS 7) | Information |
| Default Page Detected (IIS 7.5) | Information |
| Default Page Detected (IIS 7.X) | Information |
| Default Page Detected (IIS 8) | Information |
| Default Page Detected (IIS 8.5) | Information |
| Default Page Detected (Tomcat) | Information |
| Denial of Service (MySQL) | Information |
| Deprecated Header Instruction Used to Implement Content Security Policy (CSP) | Information |
| Digest Authorization Required | Information |