Vulnerabilities
Compliance
| Vulnerability Name | Compliance | Severity |
|---|---|---|
| AngularJS library with known vulnerabilities | {"ISO 27001"=>"A.8.9", "owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
| Application error message | {"ISO 27001"=>"A.5.33, A.5.34, A.8.4, A.8.9, A.8.12, A.8.26", "owasp10"=>"A5", "pci"=>"6.5.5"} | medium |
| ASP.NET debugging enabled | {"ISO 27001"=>"A.5.33, A.5.34, A.8.4, A.8.9, A.8.12", "owasp10"=>"A5", "pci"=>"6.5.5"} | low |
| ASP.NET tracing enabled | {"ISO 27001"=>"A.5.33, A.5.34, A.8.4, A.8.9, A.8.12", "owasp10"=>"A5", "pci"=>"6.5.5"} | high |
| ASP.NET ViewState without MAC | {"ISO 27001"=>"A.8.9", "owasp10"=>"A5"} | low |
| Axios library with known vulnerabilities library with known vulnerabilities library with known vulnerabilities | {"owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
| Axios library with known vulnerabilities | {"ISO 27001"=>"A.8.9", "owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
| Backbone library with known vulnerabilities | {"ISO 27001"=>"A.8.9", "owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
| Bootstrap library with known vulnerabilities | {"ISO 27001"=>"A.8.9", "owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
| Browser content sniffing allowed | {"ISO 27001"=>"A.8.9", "owasp10"=>"A5"} | low |
| Browser XSS protection disabled | {"owasp10"=>"A5"} | low |
| Certificate with insufficient key size or usage, or insecure signature algorithm | {"ISO 27001"=>"A.5.14, A.8.9, A.8.24", "owasp10"=>"A2", "pci"=>"4.1, 6.5.4"} | low |
| Certificate without revocation information | {"ISO 27001"=>"A.5.14, A.8.9, A.8.24", "owasp10"=>"A2", "pci"=>"4.1, 6.5.4"} | low |
| Chart.js library with known vulnerabilities | {"ISO 27001"=>"A.8.9", "owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
| CKEditor library with known vulnerabilities | {"ISO 27001"=>"A.8.9", "owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
| Cookie with SameSite attribute set to None | {"ISO 27001"=>"A.5.14, A.8.9, A.8.24, A.8.26", "owasp10"=>"A2, A7", "pci"=>"4.1, 6.5.4, 6.5.10"} | low |
| Cookie without HttpOnly flag | {"ISO 27001"=>"A.8.26", "owasp10"=>"A7", "pci"=>"6.5.10"} | low |
| Cross Origin Resource Sharing: Arbitrary Origin Trusted | {"ISO 27001"=>"A.8.2, A.8.3, A.8.26", "owasp10"=>"A1", "pci"=>"6.5.8"} | low |
| Deprecated TLS protocol version 1.0 supported | {"ISO 27001"=>"A.5.14, A.8.9, A.8.24", "owasp10"=>"A2", "pci"=>"4.1, 6.5.4"} | low |
| Deprecated TLS protocol version 1.1 supported | {"ISO 27001"=>"A.5.14, A.8.9, A.8.24", "owasp10"=>"A2", "pci"=>"4.1, 6.5.4"} | low |
| Directory Listing | {"ISO 27001"=>"A.8.4, A.8.9", "owasp10"=>"A1, A5"} | low |
| Dojo library with known vulnerabilities | {"ISO 27001"=>"A.8.9", "owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
| DOMPurify library with known vulnerabilities | {"ISO 27001"=>"A.8.9", "owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
| Drupal version with known vulnerabilities | {} | high |
| DWR library with known vulnerabilities | {"ISO 27001"=>"A.8.9", "owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
| easyXDM library with known vulnerabilities | {"ISO 27001"=>"A.8.9", "owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
| Ember library with known vulnerabilities | {"ISO 27001"=>"A.8.9", "owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
| Expired TLS certificate | {"ISO 27001"=>"A.5.14, A.8.9, A.8.24", "owasp10"=>"A2", "pci"=>"4.1, 6.5.4"} | medium |
| Flowplayer library with known vulnerabilities | {"ISO 27001"=>"A.8.9", "owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
| Full path disclosure | {"ISO 27001"=>"A.8.4, A.8.9", "pci"=>"6.5.5"} | low |
| GraphQL Introspection enabled | {"ISO 27001"=>"A.8.9", "owasp10"=>"A5"} | low |
| GraphQL Misconfiguration | {"ISO 27001"=>"A.8.9", "owasp10"=>"A5"} | low |
| Handlebars library with known vulnerabilities | {"ISO 27001"=>"A.8.9", "owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
| Heartbleed | {"ISO 27001"=>"A.5.33, A.5.34, A.8.3, A.8.9, A.8.12", "owasp10"=>"A6"} | high |
| Hidden file found | {"ISO 27001"=>"A.8.4, A.8.9, A.8.15, A.8.26", "owasp10"=>"A1, A5"} | low |
| HSTS header does not protect subdomains | {"ISO 27001"=>"A.5.14, A.8.9, A.8.24", "owasp10"=>"A2, A5", "pci"=>"4.1, 6.5.4"} | low |
| HSTS header not enforced | {"ISO 27001"=>"A.5.14, A.8.9, A.8.24", "owasp10"=>"A2, A5", "pci"=>"4.1, 6.5.4"} | low |
| HSTS header set in HTTP | {"ISO 27001"=>"A.5.14, A.8.9, A.8.24", "owasp10"=>"A2, A5", "pci"=>"4.1, 6.5.4"} | low |
| HSTS header with low duration and no subdomain protection | {"ISO 27001"=>"A.5.14, A.8.9, A.8.24", "owasp10"=>"A2, A5", "pci"=>"4.1, 6.5.4"} | low |
| HSTS header with low duration | {"ISO 27001"=>"A.5.14, A.8.9, A.8.24", "owasp10"=>"A2, A5", "pci"=>"4.1, 6.5.4"} | low |
| HTTP TRACE method enabled | {"ISO 27001"=>"A.8.9", "owasp10"=>"A5"} | low |
| Inclusion of cryptocurrency mining script | {"owasp10"=>"A8"} | high |
| Insecure browser XSS protection enabled | {"ISO 27001"=>"A.8.9", "owasp10"=>"A5"} | low |
| Insecure Content Security Policy | {"ISO 27001"=>"A.8.9", "owasp10"=>"A5"} | low |
| Insecure crossdomain.xml policy | {"ISO 27001"=>"A.8.2, A.8.3, A.8.9, A.8.26", "owasp10"=>"A5"} | low |
| Insecure PHP Object deserialization | {"ISO 27001"=>"A.8.26", "owasp10"=>"A8"} | high |
| Insecure referrer policy | {"ISO 27001"=>"A.8.9", "owasp10"=>"A2, A5"} | low |
| Insecure Silverlight clientaccesspolicy.xml policy | {"ISO 27001"=>"A.8.2, A.8.3, A.8.9", "owasp10"=>"A5"} | high |
| Insecure SSL protocol version 2 supported | {"ISO 27001"=>"A.5.14, A.8.9, A.8.24", "owasp10"=>"A2", "pci"=>"4.1, 6.5.4"} | medium |
| Insecure SSL protocol version 3 supported | {"ISO 27001"=>"A.5.14, A.8.9, A.8.24", "owasp10"=>"A2", "pci"=>"4.1, 6.5.4"} | medium |
| Invalid referrer policy | {"ISO 27001"=>"A.8.9", "owasp10"=>"A2, A5"} | low |
| Joomla! version with known vulnerabilities | {"ISO 27001"=>"A.8.9", "owasp10"=>"A5, A6", "pci"=>"6.2"} | high |
| jPlayer library with known vulnerabilities | {"ISO 27001"=>"A.8.9", "owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
| JQuery library with known vulnerabilities | {"ISO 27001"=>"A.8.9", "owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
| JQuery Migrate library with known vulnerabilities | {"ISO 27001"=>"A.8.9", "owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
| JQuery Mobile library with known vulnerabilities | {"ISO 27001"=>"A.8.9", "owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
| jQuery UI library with known vulnerabilities | {"ISO 27001"=>"A.8.9", "owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
| JSZip library with known vulnerabilities | {"ISO 27001"=>"A.8.9", "owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
| JWT accepting none algorithm | {"ISO 27001"=>"A.8.2, A.8.3, A.8.5, A.8.24, A.8.26", "owasp10"=>"A8"} | high |
| JWT algorithm confusion | {"ISO 27001"=>"A.8.2, A.8.3, A.8.5, A.8.24, A.8.26", "owasp10"=>"A8"} | high |
| JWT signature is not being verified | {"ISO 27001"=>"A.8.2, A.8.3, A.8.5, A.8.24, A.8.26", "owasp10"=>"A8"} | high |
| Knockout library with known vulnerabilities | {"ISO 27001"=>"A.8.9", "owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
| Log file disclosure | {"ISO 27001"=>"A.8.9, A.8.15", "owasp10"=>"A5"} | low |
| Log4Shell | {"ISO 27001"=>"A.5.33, A.5.34, A.8.3, A.8.9, A.8.12", "owasp10"=>"A3", "pci"=>"6.5.1"} | high |
| Missing clickjacking protection | {"ISO 27001"=>"A.8.9", "owasp10"=>"A5"} | low |
| Missing Content Security Policy header | {"ISO 27001"=>"A.8.9", "owasp10"=>"A5"} | low |
| Missing cross-site request forgery protection | {"ISO 27001"=>"A.8.2, A.8.3, A.8.26", "owasp10"=>"A7", "pci"=>"6.5.9, 6.5.10"} | low |
| Mixed content | {"ISO 27001"=>"A.5.14, A.8.24, A.8.26", "owasp10"=>"A2", "pci"=>"4.1, 6.5.4"} | low |
| Moment.js library with known vulnerabilities | {"ISO 27001"=>"A.8.9", "owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
| MongoDB Injection | {"ISO 27001"=>"A.5.33, A.5.34, A.8.3, A.8.12, A.8.26", "owasp10"=>"A3", "pci"=>"6.5.1"} | high |
| Mustache library with known vulnerabilities | {"ISO 27001"=>"A.8.9", "owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
| Next.js library with known vulnerabilities | {"ISO 27001"=>"A.8.9", "owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
| Open redirection | {"ISO 27001"=>"A.8.26"} | low |
| OS command injection | {"ISO 27001"=>"A.5.33, A.5.34, A.8.3, A.8.12, A.8.26", "owasp10"=>"A3", "pci"=>"6.5.1"} | high |
| Path traversal | {"ISO 27001"=>"A.5.33, A.5.34, A.8.3, A.8.4, A.8.12, A.8.26", "owasp10"=>"A1", "pci"=>"6.5.8"} | high |
| PHP code injection | {"ISO 27001"=>"A.5.33, A.5.34, A.8.3, A.8.12, A.8.26", "owasp10"=>"A3", "pci"=>"6.5.1"} | high |
| Plupload library with known vulnerabilities | {"ISO 27001"=>"A.8.9", "owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
| Potential DoS on TLS Client Renegotiation | {"ISO 27001"=>"A.5.14, A.8.9, A.8.24", "owasp10"=>"A2", "pci"=>"4.1, 6.5.4"} | low |
| prettyPhoto library with known vulnerabilities | {"ISO 27001"=>"A.8.9", "owasp10"=>"A5, A6"} | low |
| Private IP addresses disclosed | {"ISO 27001"=>"A.5.33, A.8.4, A.8.9, A.8.12", "owasp10"=>"A1, A5"} | low |
| Prototype library with known vulnerabilities | {"ISO 27001"=>"A.8.9", "owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
| Python code injection | {"ISO 27001"=>"A.5.33, A.5.34, A.8.3, A.8.12, A.8.26", "owasp10"=>"A3", "pci"=>"6.5.1"} | high |
| React library with known vulnerabilities | {"ISO 27001"=>"A.8.9", "owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
| Referrer policy not defined | {"ISO 27001"=>"A.8.9", "owasp10"=>"A2, A5"} | low |
| Reflected cross-site scripting | {"ISO 27001"=>"A.8.26", "owasp10"=>"A3", "pci"=>"6.5.7"} | high |
| Remote File Inclusion | {"ISO 27001"=>"A.5.33, A.5.34, A.8.3, A.8.4, A.8.12, A.8.26", "pci"=>"6.5.1"} | high |
| Ruby code injection | {"ISO 27001"=>"A.5.33, A.5.34, A.8.3, A.8.12, A.8.26", "pci"=>"6.5.1"} | high |
| Secure Renegotiation is not supported | {"ISO 27001"=>"A.5.14, A.8.9, A.8.24", "owasp10"=>"A2", "pci"=>"4.1, 6.5.4"} | low |
| Secure TLS protocol version 1.2 not supported | {"ISO 27001"=>"A.5.14, A.8.9, A.8.24", "owasp10"=>"A2", "pci"=>"4.1, 6.5.4"} | low |
| Server Cipher Order not configured | {"ISO 27001"=>"A.5.14, A.8.9, A.8.24", "owasp10"=>"A2", "pci"=>"4.1, 6.5.4"} | high |
| Server-side JavaScript injection | {"ISO 27001"=>"A.5.33, A.5.34, A.8.3, A.8.12, A.8.26", "owasp10"=>"A3", "pci"=>"6.5.1"} | high |
| Server-side request forgery | {"ISO 27001"=>"A.5.33, A.5.34, A.8.3, A.8.4, A.8.12, A.8.26", "owasp10"=>"A10", "pci"=>"6.5.1"} | high |
| Server-side template injection | {"ISO 27001"=>"A.5.33, A.5.34, A.8.3, A.8.12, A.8.26", "owasp10"=>"A3", "pci"=>"6.5.1"} | high |
| Session Token in URL | {"ISO 27001"=>"A.8.2, A.8.3, A.8.26", "owasp10"=>"A2, A7", "pci"=>"6.5.10"} | medium |
| Sessvars library with known vulnerabilities | {"ISO 27001"=>"A.8.9", "owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
| Spring Cloud SPEL Code Injection (CVE-2022-22963) | {"ISO 27001"=>"A.5.33, A.5.34, A.8.3, A.8.9, A.8.12"} | high |
| Spring4Shell | {"ISO 27001"=>"A.5.33, A.5.34, A.8.3, A.8.9, A.8.12"} | high |
| SQL Injection | {"ISO 27001"=>"A.5.33, A.5.34, A.8.3, A.8.12, A.8.26", "owasp10"=>"A3", "pci"=>"6.5.1"} | high |
| SSL cookie without Secure flag | {"ISO 27001"=>"A.8.26", "owasp10"=>"A2, A7", "pci"=>"6.5.10"} | low |
| Stored cross-site scripting | {"ISO 27001"=>"A.8.26", "owasp10"=>"A3", "pci"=>"6.5.7"} | high |
| Svelte library with known vulnerabilities | {"ISO 27001"=>"A.8.9", "owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
| SWFObject library with known vulnerabilities | {"ISO 27001"=>"A.8.9", "owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
| TinyMCE library with known vulnerabilities | {"ISO 27001"=>"A.8.9", "owasp10"=>"A5", "pci"=>"6.2"} | low |
| TLS certificate about to expire | {"ISO 27001"=>"A.8.9", "owasp10"=>"A2"} | low |
| TLS Downgrade attack prevention not supported | {"ISO 27001"=>"A.5.14, A.8.9, A.8.24", "owasp10"=>"A2", "pci"=>"4.1, 6.5.4"} | low |
| Underscore.js library with known vulnerabilities | {"ISO 27001"=>"A.8.9", "owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
| Unencrypted communications | {"ISO 27001"=>"A.5.14, A.8.9, A.8.24", "owasp10"=>"A2", "pci"=>"4.1, 6.5.4"} | high |
| Untrusted TLS certificate | {"ISO 27001"=>"A.5.14, A.8.9, A.8.24", "owasp10"=>"A2", "pci"=>"4.1, 6.5.4"} | medium |
| Using jwk parameter to verify JWTs | {"ISO 27001"=>"A.8.2, A.8.3, A.8.5, A.8.24, A.8.26", "owasp10"=>"A8"} | high |
| Vue.js library with known vulnerabilities | {"ISO 27001"=>"A.8.9", "owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
| Weak cipher suites enabled | {"ISO 27001"=>"A.5.14, A.8.9, A.8.24", "owasp10"=>"A2", "pci"=>"4.1, 6.5.4"} | medium |
| Weak JWT HMAC secret | {"ISO 27001"=>"A.8.2, A.8.3, A.8.5, A.8.24, A.8.26", "owasp10"=>"A8"} | high |
| WordPress plugin with known vulnerabilities | {"owasp10"=>"A5, A6", "pci"=>"6.2"} | high |
| WordPress version with known vulnerabilities | {"ISO 27001"=>"A.8.9", "owasp10"=>"A5, A6", "pci"=>"6.2"} | high |
| XML external entity injection | {"ISO 27001"=>"A.8.9, A.8.26", "owasp10"=>"A5"} | high |
| YUI library with known vulnerabilities | {"ISO 27001"=>"A.8.9", "owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
