Vulnerabilities

| Vulnerability Name | Compliance | Severity |
| --- | --- | --- |
| AngularJS library with known vulnerabilities | OWASP Top 10: A5, A6; PCI: 6.2 | low |
| Application error message | OWASP Top 10: A5; PCI: 6.5.5 | medium |
| ASP.NET debugging enabled | OWASP Top 10: A5; PCI: 6.5.5 | low |
| ASP.NET tracing enabled | OWASP Top 10: A5; PCI: 6.5.5 | high |
| ASP.NET ViewState without MAC | OWASP Top 10: A5 | low |
| Backbone library with known vulnerabilities | OWASP Top 10: A5, A6; PCI: 6.2 | low |
| Bootstrap library with known vulnerabilities | OWASP Top 10: A5, A6; PCI: 6.2 | low |
| Browser content sniffing allowed | OWASP Top 10: A5 | low |
| Browser XSS protection disabled | OWASP Top 10: A5 | low |
| Certificate with insufficient key size or usage, or insecure signature algorithm | OWASP Top 10: A2; PCI: 4.1, 6.5.4 | low |
| Certificate without revocation information | OWASP Top 10: A2; PCI: 4.1, 6.5.4 | low |
| CKEditor library with known vulnerabilities | OWASP Top 10: A5, A6; PCI: 6.2 | low |
| Cookie without HttpOnly flag | OWASP Top 10: A7; PCI: 6.5.10 | low |
| Cross Origin Resource Sharing: Arbitrary Origin Trusted | OWASP Top 10: A1; PCI: 6.5.8 | low |
| Deprecated TLS protocol version 1.0 supported | OWASP Top 10: A2; PCI: 4.1, 6.5.4 | low |
| Deprecated TLS protocol version 1.1 supported | OWASP Top 10: A2; PCI: 4.1, 6.5.4 | low |
| Directory Listing | OWASP Top 10: A1 | low |
| Dojo library with known vulnerabilities | OWASP Top 10: A5, A6; PCI: 6.2 | low |
| DOMPurify library with known vulnerabilities | OWASP Top 10: A5, A6; PCI: 6.2 | low |
| DWR library with known vulnerabilities | OWASP Top 10: A5, A6; PCI: 6.2 | low |
| easyXDM library with known vulnerabilities | OWASP Top 10: A5, A6; PCI: 6.2 | low |
| Ember library with known vulnerabilities | OWASP Top 10: A5, A6; PCI: 6.2 | low |
| Expired TLS certificate | OWASP Top 10: A2; PCI: 4.1, 6.5.4 | medium |
| Flowplayer library with known vulnerabilities | OWASP Top 10: A5, A6; PCI: 6.2 | low |
| Full path disclosure | PCI: 6.5.5 | low |
| GraphQL Introspection enabled | OWASP Top 10: A5 | low |
| Handlebars library with known vulnerabilities | OWASP Top 10: A5, A6; PCI: 6.2 | low |
| Heartbleed | OWASP Top 10: A6 | high |
| HSTS header does not protect subdomains | OWASP Top 10: A2, A5; PCI: 4.1, 6.5.4 | low |
| HSTS header not enforced | OWASP Top 10: A2, A5; PCI: 4.1, 6.5.4 | low |
| HSTS header set in HTTP | OWASP Top 10: A2, A5; PCI: 4.1, 6.5.4 | low |
| HSTS header with low duration and no subdomain protection | OWASP Top 10: A2, A5; PCI: 4.1, 6.5.4 | low |
| HSTS header with low duration | OWASP Top 10: A2, A5; PCI: 4.1, 6.5.4 | low |
| HTTP TRACE method enabled | OWASP Top 10: A5 | low |
| Inclusion of cryptocurrency mining script | - | high |
| Insecure Content Security Policy | OWASP Top 10: A5 | low |
| Insecure crossdomain.xml policy | OWASP Top 10: A5 | low |
| Insecure PHP Object deserialization | OWASP Top 10: A8 | high |
| Insecure referrer policy | OWASP Top 10: A2, A5 | low |
| Insecure Silverlight clientaccesspolicy.xml policy | OWASP Top 10: A5 | high |
| Insecure SSL protocol version 2 supported | OWASP Top 10: A2; PCI: 4.1, 6.5.4 | medium |
| Insecure SSL protocol version 3 supported | OWASP Top 10: A2; PCI: 4.1, 6.5.4 | medium |
| Invalid referrer policy | OWASP Top 10: A2, A5 | low |
| Joomla! version with known vulnerabilities | OWASP Top 10: A5, A6; PCI: 6.2 | high |
| jPlayer library with known vulnerabilities | OWASP Top 10: A5, A6; PCI: 6.2 | low |
| JQuery library with known vulnerabilities | OWASP Top 10: A5, A6; PCI: 6.2 | low |
| JQuery Migrate library with known vulnerabilities | OWASP Top 10: A5, A6; PCI: 6.2 | low |
| JQuery Mobile library with known vulnerabilities | OWASP Top 10: A5, A6; PCI: 6.2 | low |
| jQuery UI library with known vulnerabilities | OWASP Top 10: A5, A6; PCI: 6.2 | low |
| Knockout library with known vulnerabilities | OWASP Top 10: A5, A6; PCI: 6.2 | low |
| Log file disclosure | OWASP Top 10: A5 | low |
| Log4Shell | OWASP Top 10: A3; PCI: 6.5.1 | high |
| Missing clickjacking protection | OWASP Top 10: A5 | low |
| Missing Content Security Policy header | OWASP Top 10: A5 | low |
| Missing cross-site request forgery protection | OWASP Top 10: A7; PCI: 6.5.9, 6.5.10 | low |
| Missing redirect to HTTPS | - | low |
| Mixed content | OWASP Top 10: A2; PCI: 4.1, 6.5.4 | low |
| Moment.js library with known vulnerabilities | OWASP Top 10: A5, A6; PCI: 6.2 | low |
| Mustache library with known vulnerabilities | OWASP Top 10: A5, A6; PCI: 6.2 | low |
| Open redirection | - | low |
| OS command injection | OWASP Top 10: A3; PCI: 6.5.1 | high |
| Path traversal | OWASP Top 10: A1; PCI: 6.5.8 | high |
| PHP code injection | OWASP Top 10: A3; PCI: 6.5.1 | high |
| Plupload library with known vulnerabilities | OWASP Top 10: A5, A6; PCI: 6.2 | low |
| Potential DoS on TLS Client Renegotiation | OWASP Top 10: A2; PCI: 4.1, 6.5.4 | low |
| prettyPhoto library with known vulnerabilities | OWASP Top 10: A5, A6 | low |
| Private IP addresses disclosed | - | low |
| Prototype library with known vulnerabilities | OWASP Top 10: A5, A6; PCI: 6.2 | low |
| React library with known vulnerabilities | OWASP Top 10: A5, A6; PCI: 6.2 | low |
| Referrer policy not defined | OWASP Top 10: A2, A5 | low |
| Reflected cross-site scripting | OWASP Top 10: A3; PCI: 6.5.7 | high |
| Remote File Inclusion | - | high |
| Secure Renegotiation is not supported | OWASP Top 10: A2; PCI: 4.1, 6.5.4 | low |
| Secure TLS protocol version 1.2 not supported | OWASP Top 10: A2; PCI: 4.1, 6.5.4 | low |
| Server Cipher Order not configured | OWASP Top 10: A2; PCI: 4.1, 6.5.4 | high |
| Server-side JavaScript injection | OWASP Top 10: A3; PCI: 6.5.1 | high |
| Server-side template injection | OWASP Top 10: A3; PCI: 6.5.1 | high |
| Session Token in URL | OWASP Top 10: A2, A7; PCI: 6.5.10 | medium |
| Sessvars library with known vulnerabilities | OWASP Top 10: A5, A6; PCI: 6.2 | low |
| Spring Cloud SPEL Code Injection (CVE-2022-22963) | - | high |
| Spring4Shell | - | high |
| SQL Injection | OWASP Top 10: A3; PCI: 6.5.1 | high |
| SSL cookie without Secure flag | OWASP Top 10: A2, A7; PCI: 6.5.10 | low |
| Stored cross-site scripting | OWASP Top 10: A3; PCI: 6.5.7 | high |
| SWFObject library with known vulnerabilities | OWASP Top 10: A5, A6; PCI: 6.2 | low |
| TinyMCE library with known vulnerabilities | OWASP Top 10: A5; PCI: 6.2 | low |
| TLS certificate about to expire | OWASP Top 10: A2 | low |
| TLS Downgrade attack prevention not supported | OWASP Top 10: A2; PCI: 4.1, 6.5.4 | low |
| Unencrypted communications | OWASP Top 10: A2; PCI: 4.1, 6.5.4 | high |
| Untrusted TLS certificate | OWASP Top 10: A2; PCI: 4.1, 6.5.4 | medium |
| Vue.js library with known vulnerabilities | OWASP Top 10: A5, A6; PCI: 6.2 | low |
| Weak cipher suites enabled | OWASP Top 10: A2; PCI: 4.1, 6.5.4 | medium |
| WordPress plugin with known vulnerabilities | OWASP Top 10: A5, A6; PCI: 6.2 | high |
| WordPress version with known vulnerabilities | OWASP Top 10: A5, A6; PCI: 6.2 | high |
| XML external entity injection | OWASP Top 10: A5 | high |
| YUI library with known vulnerabilities | OWASP Top 10: A5, A6; PCI: 6.2 | low |